According to a post on the Google Online Security Blog, beginning in January 2017 Google Chrome will begin flagging all sites that use traditional HTTP rather than HTTPS for passwords or other sensitive information as "insecure". It also indicates that Google plans to eventually start flagging ALL traditional HTTP-only sites as "insecure". While HTTPS has always made sense for truly sensitive information, a pure HTTPS web does have implications for legacy tools - essentially if anyone is not using the absolute latest of one of the "big three" web browsers, they will always potentially be just one security update away from being locked out of the web.
(Score: 3, Informative) by mcgrew on Monday September 12 2016, @05:48PM
I have two web sites. There is no login, no ads, no cookies, and the tiniest bit of javascript to send phones to a phone-friendly page. There is absolutely no need whatever for either site to have HTTPS, so why should I go to the trouble?
That's just nuts. Yes, if you need a password to get into a site it should be HTTPS, but a static HTML page doesn't need HTTPS.
mcgrewbooks.com mcgrew.info nooze.org