HTTPS Everywhere (Really) Starts Today!

Today is the day. It has been talked about for a while, but I think that today is the day that it really starts to happen.  HTTPS will be in the face of all users, not so much because it will be active everywhere all of the sudden, but because users of Chrome and Mozilla will begin to see pages they know and love that are NOT using HTTPS to protect the content sent to them indicated with marks that can affect the user’s trust of the sites that show such a sign.

For example, Pragmatically Cynical now shows the “Secure” symbol next to the URL in Chrome

and in Firefox since we are using HTTPS by default.

However, going to pages with credit card or password entry in Chrome shows the Not Secure flag in the URL:

 

and ANY non-HTTPS page shows a red lock with a stroke through it in Firefox:

So, if you see the Not Secure indicator or red lock icon, you know your data is unprotected between your browser and the server, and you should ask the company to move toward using HTTPS to encrypt the traffic you send to it.  HTTPS protects your search information, your personal details and other data that you send from prying eyes, be they attackers who are trying to use your data for illegitimate activities, or other entities seeking to watch your activity for other reasons. Either way, encryption is a great way to help protect that data as it goes!

Support companies that support HTTPS, and if you run a site, service or application, you can get FREE (as in beer) certificates for your offering and get HTTPS up and running easily via Let’s Encrypt https://letsencrypt.org

Additional info from both Google and Mozilla about their respective HTTP/HTTPS indicators:

Google: https://security.googleblog.com/2016/09/moving-towards-more-secure-web.html
Mozilla: https://blog.mozilla.org/blog/2017/01/24/gets-better-video-gaming-non-secure-web-warning/

N.B. Encryption does not guarantee total protection of data, and should be part of a multi-layer protection scheme by those that run applications and websites to ensure the greatest level of security and privacy of data.

Leave a Reply

Your email address will not be published. Required fields are marked *