From July 2018 pages loaded with the HTTP protocol will be untrusted for the Chrome browser

Mozilla announced that change some time ago, which added a hidden " security.insecure_connection_icon.enabled " setting to his Firefox browser. It is available in the advanced configuration " about:config " and is intended to alert users to loading resources with an unencrypted protocol - and not only on websites containing online payments or logging in to websites. This applies to all sites and without exception. Now, from July 2018 pages loaded with the HTTP protocol will be untrusted (dangerous) also for Google Chrome browser version 68.

Web pages loaded with HTTP will be untrusted

Web pages loaded with HTTP will be untrusted

The decision of the Google team is dictated by the security of users. According to the information provided on Google Security Blog as much as 68% of traffic in the Google browser on Android and Windows is encrypted. On a Mac, it's 78 percent. In turn, 81 of the 100 most popular websites in the world also use the HTTPS protocol.

The policy of the forceful introduction of "green padlocks" has supporters and opponents. The former cite an allegedly better position in the search engine, but it really only improves the overall rating for Google algorithms. The HTTPS protocol gives the user a certain "security certificate" and increases trust in the content or service publisher. Opponents of using SSL certificates mention slightly lower performance of websites and unnecessary costs, especially on websites where content that does not require login is displayed. The truth, however, is that more and more companies offer website integration with free Let's Encrypt certificates absolutely free.

In practice, the "green padlock" does not give 100% security, although it provides domain verification and encryption of connections. The most common way of deceiving a user is to infect a computer with malware that installs an SSL certificate in the system, set up a proxy server by downloading the configuration from the criminals server and redirects the victim to a confusingly similar page, but controlled by criminals. A user without proper system security may not be able to distinguish a real website from a fake one. To reveal the evil intentions of criminals can only the URL bar. But even before this, it is not always possible to protect. The mBank client, who lost several tens of thousands of zlotys as a result of the man-in-the-browser attack, became convinced of this.



Learn more about our offer

If you sell security solutions, are a distributor, authorized partner or developer and would like to share your portfolio with a group of potential customers, advertise an event, software, hardware or other services on AVLab - simply write to us. Or maybe you had to deal with ransomware? We can also help you decrypt your files.
Read more

We use Google Cloud Translation and Gengo API’s to translate articles with exception of our comparative tests.