Google Chrome 56 is Tagging http:// Websites as Not Secure. Is it Misleading?

Google Chrome 56, coming in January 2017, will flag HTTP sites as NOT SECURE

When Google announced in September 2016 that it would eventually start flagging all http:// sites that collect sensitive information as “not secure”, everyone thought it was a great idea. Users could now rely on Google to tell them that a particular website did or did not have an SSL certificate that made it secure and trustworthy for things like financial transactions.

That’s one of the things Google Chrome 56 brought to the table, but there’s a big problem here. Just because a site has an additional layer of security protecting the information that comes in or goes out of it, that doesn’t necessarily mean the information itself is 100% hack-proof.

The confusion here comes from the assumption that people will naturally make – that every site with https is absolutely safe and secure, which isn’t necessarily true.

HTTPS is merely a protocol for communication between your browser and the website in which the information sent is encrypted, using keys that the browser and the server agree on for that connection.

While that makes https sites “more secure” than http ones, they don’t necessarily guarantee the security of your sensitive information – passwords, credit card numbers and so on.

There are any number of ways for hackers to breach https security. The MITM, or man-in-the-middle, method, for example, doesn’t even require the site to be hacked; the attacker can still skim the data that you’re sending to the site, which is good enough when you’re sending credit card information or a password.

Google’s purpose and intent are laudable. They want http sites that collect sensitive information to be shamed into getting their traffic encrypted. But now that they’re actually doing it with Google Chrome 56 by tagging these sites as “not secure”, the natural assumption that people are going to make is that https means fully secure. It’s a logical assumption, after all.

That’s the misleading part. It’s not intentional, of course, but it may confuse people into thinking that they’re off the hook whenever they use an https site. Not true. As we saw, hackers don’t even need to hack into the website to get the information you send; all they need to do is get between your browser and the website.

As such, https is no guarantee of security. It is undoubtedly more desirable than http when it comes to private information, but there are so many other factors that contribute to the security of a piece of communication traveling in cyberspace.
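For site owners, the labeling rule described at the top of this article (an http:// page that collects passwords or card numbers) can be checked ahead of time, and the same pass can catch an https page whose form still submits to an http:// address. The sketch below is an added example, not code from Google or from this article; `FormAudit` and `audit` are hypothetical names, the field detection (`type="password"`, `autocomplete` tokens starting with `cc-`) is an assumed approximation of the announced rule, and the sample pages are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

class FormAudit(HTMLParser):
    """Collect each form's resolved submit URL and the sensitive inputs inside it."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.loose = {"target": page_url, "fields": []}  # inputs outside any <form>
        self.groups = [self.loose]
        self.current = self.loose

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "form":
            # An empty or missing action submits back to the page's own URL.
            target = urljoin(self.page_url, a.get("action", ""))
            self.current = {"target": target, "fields": []}
            self.groups.append(self.current)
        elif tag == "input":
            if a.get("type", "").lower() == "password":
                self.current["fields"].append("password")
            # Assumed heuristic: autocomplete tokens like cc-number mark card fields.
            tokens = a.get("autocomplete", "").lower().split()
            self.current["fields"] += [t for t in tokens if t.startswith("cc-")]

    def handle_endtag(self, tag):
        if tag == "form":
            self.current = self.loose

def audit(page_url, html):
    parser = FormAudit(page_url)
    parser.feed(html)
    used = [g for g in parser.groups if g["fields"]]
    fields = sorted({f for g in used for f in g["fields"]})
    return {
        "sensitive_fields": fields,
        # The rule the article describes: an http:// page collecting sensitive data.
        "flagged_not_secure": urlparse(page_url).scheme == "http" and bool(fields),
        # Sensitive forms that submit in cleartext, whatever the page's own scheme.
        "cleartext_submit": [g["target"] for g in used
                             if urlparse(g["target"]).scheme == "http"],
    }

# Constructed sample pages (not real sites).
HTTP_LOGIN = ("http://shop.example/login", '<form action="/session"><input type="password" name="p"></form>')
HTTPS_LEGACY = ("https://shop.example/pay", '<form action="http://legacy.example/charge"><input autocomplete="cc-number" name="card"></form>')
HTTP_SEARCH = ("http://shop.example/", '<form action="/search"><input type="text" name="q"></form>')

if __name__ == "__main__":
    for page in (HTTP_LOGIN, HTTPS_LEGACY, HTTP_SEARCH):
        print(page[0], audit(*page))
```

The second sample is the case the page's own scheme hides: the page loads over https, yet the card number leaves the browser unencrypted.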

Using public WiFi for things like online banking, using a shared computer for online shopping and several other “typical consumer practices” are the real weak points in the security chain. As a user, the responsibility for security rests on you as much as the sites you access, the browser you use and the security features built into these assets.

So, the next time you log into your system, remember that online security is a lot more than just Google Chrome 56 tagging an https site as “secure”.
