Google Chrome will begin to mark all HTTP sites as "not secure" starting in July 2018. This is just a warning displayed in the URL bar and won't stop users from loading the pages:
For the past several years, we've moved toward a more secure web by strongly advocating that sites adopt HTTPS encryption. And within the last year, we've also helped users understand that HTTP sites are not secure by gradually marking a larger subset of HTTP pages as "not secure". Beginning in July 2018 with the release of Chrome 68, Chrome will mark all HTTP sites as "not secure".
Also at TechCrunch and The Verge.
(Score: 2, Disagree) by frojack on Friday February 09 2018, @09:37PM (4 children)
But Google's actions are way worse. You don't see the site. You get that "take me back to safety" page and have to drill down to find the I want to see it anyway link. A law suit waiting to happen if you ask me.
No, you are mistaken. I've always had this sig.
(Score: 2) by takyon on Friday February 09 2018, @10:28PM (2 children)
Isn't that what Firefox does with self-signed certs?
[SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
(Score: 2) by unauthorized on Saturday February 10 2018, @03:07PM (1 child)
Yes it does and it'd obnoxious as fuck, but at it's rare enough that it doesn't bug us all the time.
(Score: 2) by urza9814 on Monday February 12 2018, @02:50PM
It gives a warning if the cert is untrusted. Exactly as it should, and no different than it treats any other certs.
If you're got a large infrastructure with a lot of self-signed certs, set up your own internal CA and install it on your devices. If not, just manually install your one or two certs. Either way, if the cert changes, you get a warning instead of just being silently MITMed while still thinking you're still safe.
I'm a fan of marking plain HTTP yellow or even red in the URL bar, but not actually hiding the page contents. Give some kind of visual warning sufficient to make people (at least those who are marginally conscious) hesitant to actually input any personal information, without blocking the information entirely if it doesn't actually need to be secured. Not every webmaster can be trusted to actually set that stuff up properly. In fact, a lot of them are intentionally trying to do it wrong...
(Score: 3, Insightful) by c0lo on Saturday February 10 2018, @01:05AM
It is the bitter pill the civil society need to swallow to make the NSA job harder.
https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford