Stories
Slash Boxes
Comments

SoylentNews is people

Google Chrome Will Mark Non-HTTPS Sites as "Not Secure" Starting in July 2018

posted by mrpg on Friday February 09 2018, @06:39PM   Printer-friendly
from the what-about-ftp dept.

takyon writes:

Google Chrome will begin to mark all HTTP sites as "not secure" starting in July 2018. This is just a warning displayed in the URL bar and won't stop users from loading the pages:

For the past several years, we've moved toward a more secure web by strongly advocating that sites adopt HTTPS encryption. And within the last year, we've also helped users understand that HTTP sites are not secure by gradually marking a larger subset of HTTP pages as "not secure". Beginning in July 2018 with the release of Chrome 68, Chrome will mark all HTTP sites as "not secure".

Also at TechCrunch and The Verge.

Original Submission

 
This discussion has been archived. No new comments can be posted.
Google Chrome Will Mark Non-HTTPS Sites as "Not Secure" Starting in July 2018 | Log In/Create an Account | Top | 45 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 2) by takyon on Friday February 09 2018, @10:28PM (2 children)

    by takyon (881) <takyonNO@SPAMsoylentnews.org> on Friday February 09 2018, @10:28PM (#635748) Journal

    Isn't that what Firefox does with self-signed certs?

    --
    [SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
    Starting Score:    1  point
    Karma-Bonus Modifier   +1  
    Total Score:   2  

  • (Score: 2) by unauthorized on Saturday February 10 2018, @03:07PM (1 child)

    by unauthorized (3776) on Saturday February 10 2018, @03:07PM (#636013)

    Yes it does and it'd obnoxious as fuck, but at it's rare enough that it doesn't bug us all the time.

    • (Score: 2) by urza9814 on Monday February 12 2018, @02:50PM

      by urza9814 (3954) on Monday February 12 2018, @02:50PM (#636698) Journal

      It gives a warning if the cert is untrusted. Exactly as it should, and no different than it treats any other certs.

      If you're got a large infrastructure with a lot of self-signed certs, set up your own internal CA and install it on your devices. If not, just manually install your one or two certs. Either way, if the cert changes, you get a warning instead of just being silently MITMed while still thinking you're still safe.

      I'm a fan of marking plain HTTP yellow or even red in the URL bar, but not actually hiding the page contents. Give some kind of visual warning sufficient to make people (at least those who are marginally conscious) hesitant to actually input any personal information, without blocking the information entirely if it doesn't actually need to be secured. Not every webmaster can be trusted to actually set that stuff up properly. In fact, a lot of them are intentionally trying to do it wrong...