Google Chrome to Issue Security Alert on Non-HTTPS Sites

LOS ANGELES — In its latest move to boost the security of the web and to encourage site owners to take a more proactive approach to securing their sites, Google’s popular Chrome browser will soon begin to flag sites using the HTTP protocol as being unsafe.

While it is common knowledge that sites using the HTTP protocol are vulnerable to attack and to all sorts of security problems — and the alternative HTTPS protocol that employs Secure Socket Layer (SSL) encryption to secure communications between web clients and servers has long been readily available — most websites have simply not bothered to upgrade their infrastructure.

SSL relies in part on the registration of a digital certificate that identifies the true ownership of a website and then uses this information to encrypt the user’s browsing session for greater security. Most browser software will display a padlock icon or turn the navigation bar green in order to distinguish a secure site from an insecure one. Google will take this a step further by popping a warning on standard HTTP pages.

The move is the result of a proposal from the Chrome Security Team to have user agents (UAs) such as web browsers to “gradually change their UX to display non-secure origins as affirmatively non-secure,” with a goal of “more clearly [displaying] to users that HTTP provides no data security.”

For its part, Google will transition Chrome to trigger these non-secure site warnings in 2015. The popular search engine is already giving a slight boost to secure HTTPS sites in its rankings, with the weight of this factor expected to grow significantly as its security initiatives roll out.

While currently a gradual and incremental shift towards securing the web through rewarding proactive sites for their customer care, the punitive end of Google’s “carrot and stick” approach will surface when the visitor to a non-secure site is displayed a warning that it is a questionable resource that they visit at their own peril. Although the company is attempting to ease the countless HTTP sites into compliance, its intention to ratchet up the heat is clear.

“We all need data communication on the web to be secure (private, authenticated, untampered),” the team noted in a recent blog post. “When there is no data security, the UA should explicitly display that, so users can make informed decisions about how to interact with an origin.”

The team explains that there are three basic transport layer security states applicable to websites, which include “Secure” (sites using valid HTTPS), “Dubious” (sites with valid HTTPS but mixed passive resources or with minor TLS errors), and “Non-secure” (covering sites with broken HTTPS or old style, basic HTTP).

Complicating the matter for many adult website operators is the fact that all elements of a page must be served via HTTPS for an otherwise valid HTTPS page to be considered secure. This means that although a site has a valid security certificate and follows the SSL protocol, third-party content that is not securely delivered will “break the lock” and trigger the insecure site warning.

For example, the common use of iframed ads and content, such as live cam widgets and other add-ons, served via HTTP, will render a secure site insecure. This problem will persist until all affiliate programs, ad networks and service providers such as content plugins, statistics tools and traffic exchanges make their tools secure and available via HTTPS.

The writing is now clearly on the wall, with website operators receiving ample warning to up their game — or be lumped in together with the web’s scammers and non-professional (read “untrustworthy”) websites.

Related:  

Copyright © 2024 Adnet Media. All Rights Reserved. XBIZ is a trademark of Adnet Media.
Reproduction in whole or in part in any form or medium without express written permission is prohibited.

More News

2024 Pornhub Awards Winners Announced

Winners of the 2024 Pornhub Awards were announced this morning.

Justices Alito, Thomas Invoke Victorian-Era Morality Law, Raising Censorship Concerns

Several national publications reported this week on widespread concern among Free Speech advocates after U.S. Supreme Court Justices Samuel Alito and Clarence Thomas repeatedly invoked during a hearing the infamous segregation-era law the Comstock Act, which was the cornerstone of U.S. censorship of sexual material from the 1870s until the 1970s.

Skinfluential Management's FansFuel Acquires Fanwire

Creator stats and affiliate marketing platform FansFuel has acquired creator account management tool Fanwire.

Nebraska AV Bill Moves Forward Despite Privacy, Free Speech Concerns

Nebraska’s unicameral Legislature has given first-round approval to LB 1092, the state’s version of the age verification bills being sponsored around the country by anti-porn religious conservative activists.

AEBN Celebrates 25th Anniversary

The Adult Entertainment Broadcast Network (AEBN) is celebrating its 25th year in business this week.

Performers in Meta Blacklisting Lawsuit Seek to Preserve Antitrust Claims

Adult Performance Artists Guild board officers Alana Evans, Kelly Pierce and Ruby have informed a California court that, although they want to drop their lawsuit claiming that Meta conspired with OnlyFans to blacklist rival premium fan platforms’ talent, they may still pursue antitrust claims in the future.

FSC, Co-Plaintiffs to Ask US Supreme Court to Review Constitutionality of Texas Age Verification Law

Free Speech Coalition (FSC) and its co-plaintiffs in the challenge to Texas’ controversial age verification law have petitioned the United States Court of Appeals for the 5th Circuit to stay its recent decision upholding the law, because they intend to appeal to the U.S. Supreme Court to review the law’s constitutionality.

FSC Vows to Fight Florida Age Verification Law

Free Speech Coalition (FSC) has issued a statement vowing to continue fighting Florida’s new age verification law, which was signed by Gov. Ron DeSantis on Monday as part of a comprehensive bill targeting minors’ use of social media.

Kansas Republican Aims to Create New Bureaucracy to 'Investigate' Porn Websites

Republican state legislators succeeded Monday in moving forward Kansas’ version of the age verification bills being sponsored around the country by anti-porn religious conservative activists, despite serious concerns raised by House Democrats about the cost of establishing a new bureaucracy tasked with investigating websites for pornographic content.

SK Intertainment Launches 'Skinfluential Management' Agency, FansFuel Joint Venture

Mr. Skin/Mr. Man parent company SK Intertainment has launched new creator agency Skinfluential Management, as well as a new joint venture with Showbizz Media's creator stats and affiliate marketing platform, FansFuel.

Show More