According to a post on the Google Online Security Blog, beginning in January 2017 Google Chrome will begin flagging all sites that use traditional HTTP rather than HTTPS for passwords or other sensitive information as "insecure". It also indicates that Google plans to eventually start flagging ALL traditional HTTP-only sites as "insecure". While HTTPS has always made sense for truly sensitive information, a pure HTTPS web does have implications for legacy tools - essentially if anyone is not using the absolute latest of one of the "big three" web browsers, they will always potentially be just one security update away from being locked out of the web.
(Score: 2) by darkfeline on Sunday September 11 2016, @10:36PM
So, the choice is between HTTP only and HTTPS only? Allow me to make a unprecedented proposal: why not both HTTP and HTTPS?
And that's ignoring the fact that even cURL handles HTTPS, so you really don't have an excuse to be using a browser that doesn't support it. If your deprecated browser has less features than a small command line utility, you may as well just cURL the webpages and open them up in notepad or something.
"Legacy tools". Even cURL and ed can do it, there's literally no excuse.
Join the SDF Public Access UNIX System today!