Friday, September 9, 2016

Chrome's next trick aims to make the web a safer place to shop

Chrome's next trick aims to make the web a safer place to shop

Google is busy upping its game with Chrome in various different ways – most recently improving its efficiency so the browser doesn't drain laptop batteries so swiftly – and another fresh initiative is a move to tighten things on the security front by clearly showing when the likes of online shopping sites are failing to use HTTPS.

HTTPS connections are secure and encrypted to protect any data transferred – which is obviously vital when that's the likes of your credit card details, or account passwords – whereas plain HTTP connections don't offer that security and leave users potentially open to exploits.

Currently with Chrome, if you're visiting a site which uses HTTPS, that fact is highlighted clearly by a green lock icon next to the URL in the address bar. Sites which use HTTP are simply marked with a neutral icon (although if you click it, this will inform you that 'your connection to this site is not private').

Risky business

However, starting with Chrome 56 (due to arrive at the beginning of next year), Google will actually flag sites which use HTTP and transmit financial/card details or passwords as 'Not secure'. Thus letting users see more clearly that they're taking something of a risk.

In a blog post spotted by CNET, Emily Schechter of the Chrome Security Team observed that this was part of a "long-term plan to mark all HTTP sites as non-secure". So while this might just be a measure for websites dealing with sensitive data when it first arrives with Chrome 56, eventually it will apply to every site across the web – and such sites will be clearly marked with a red triangle warning icon.

This is, essentially, Google's not-so-subtle nudge to website developers to get their skates on transferring over to use HTTPS.

How many websites in total now use HTTPS? According to Google's stats drawn from its browser, just over half of Chrome desktop page loads are completed over HTTPS.



from blogger-2 http://ift.tt/2cfDGNg
via IFTTT

No comments:

Post a Comment