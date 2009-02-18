18/02/09/0516219 story
Google Chrome will begin to mark all HTTP sites as "not secure" starting in July 2018. This is just a warning displayed in the URL bar and won't stop users from loading the pages:
For the past several years, we've moved toward a more secure web by strongly advocating that sites adopt HTTPS encryption. And within the last year, we've also helped users understand that HTTP sites are not secure by gradually marking a larger subset of HTTP pages as "not secure". Beginning in July 2018 with the release of Chrome 68, Chrome will mark all HTTP sites as "not secure".
(Score: 3, Insightful) by bob_super on Friday February 09, @06:47PM (10 children)
Categories of people:
- Those who won't notice the warning
- Those who don't care, or don't know what to do about the warning
- Those who will panic needlessly
- Those who know, but can't force the website to change, and may grumble and/or bitch on feedback forums, to people who don't have the time to fix a problem they DO already know exists.
- Those who understand that the whole internet, regardless of encryption, is "not secure"
So ... who are we helping, here ? Awareness is mostly good, I guess.
(Score: 4, Touché) by urza9814 on Friday February 09, @07:20PM
FTFY...I think you missed one :)
(Score: 4, Insightful) by requerdanos on Friday February 09, @07:44PM (4 children)
Good question; probably not helping many...
Some data, it's important to spend the CPU cycles and bandwidth to make sure get encrypted on the way and decrypted at each end.
Some data, it doesn't much matter.
Even better, what data falls into which group varies by the person, group, and circumstance.
For me, my email, logins, etc. need to be encrypted. If I look up what a euro size 39 shoe would fit in a US shoe size, maybe not so important that it be encrypted.
For the people in a totalitarian country that oppresses shoemakers, it might be critical that it's encrypted (but it might not much matter if their local-language-to-russian dictionary chatter is encrypted because everyone in the country watches Russian TV and Russian isn't their first language).
(But in a neighboring country, the dictator is cracking down on Russian sympathizers...)
And from here, it gets worse... only a small (probably single digit if even that) percentage of the population is even capable of articulating this state of being (the knowing grumblers), much less worrying about it.
For everyone else, if there is a "WARNING: This page is not securE!!!," then much of that majority of the population good at what they are good at, but clueless at these nuances, will start thinking that it's not an intelligent decision where to deploy resources, but rather a black-and-white-good-and-bad "Secure pages are okay! Not Secure pages are evil! Danger! Like viruses and stuff!" (Your Panic People).
If such a warning led to awareness, that would be mostly good, but I think it's likely to do the opposite.
(Score: 3, Funny) by bob_super on Friday February 09, @07:48PM (3 children)
> If I look up what a euro size 39 shoe would fit in a US shoe size, maybe not so important that it be encrypted.
Bad example. How many different Penis Enlargement ads are you going to need to block?
(Score: 2) by requerdanos on Friday February 09, @08:07PM (1 child)
Thank you for pointing this out.
I don't know what people use shoes for that this would be a problem, but I block ads at the /etc/hosts level with blocklists + local whitelist.
This makes me forget what the general experience is, and has led me to cheerfully recommend sites to people in the past who came back and said "why did you recommend that site, it has porn all over it, which made it a little uncomfortable at the office?" ---- having never seen the site's ads.
Maybe looking up equivalencies for imperial and metric tools? Or transposing musical keys?
(Score: 2) by bob_super on Friday February 09, @08:18PM
> I don't know what people use shoes for that this would be a problem
Your specific example was size 39, which for men means small ... feet.
(Score: 0) by Anonymous Coward on Friday February 09, @08:08PM
I need encryption because I don't want nosy hackers to know what kind of porn I like!!!!!!!!!!!
(Score: 1) by RedIsNotGreen on Friday February 09, @08:23PM
Helping the big boys get a tighter grip.
(Score: 3, Informative) by frojack on Friday February 09, @08:34PM (2 children)
The other thing this does is ENCOURAGES people to ignore this warning.
If a site collects no personal data (no forms to fill in), is non-commercial, and is simply someone's presentation of an area of interest, (fly fishing, botany, skiing, photography, what-ever), there really isn't one single reason to encrypt that page.
Its like the EU mandated warnings about cookies. What good does that pop-up do, other than teach people to click through it automatically? Mindless warnings about info only pages could backfire the same way.
No, you are mistaken. I've always had this sig.
(Score: 0) by Anonymous Coward on Friday February 09, @09:29PM (1 child)
It prevents man-in-the-middle manipulation of the contents.
(Score: 2) by frojack on Friday February 09, @09:35PM
Who gives a rip? Whats the worst that can happen, I tie a blue-drifter fly wrong? An ad slips in?
Besides, I have way less confidence in TLS that you do.
No, you are mistaken. I've always had this sig.
(Score: 0) by Anonymous Coward on Friday February 09, @09:06PM (1 child)
Upon encountering an HTTPS site, Mozilla browsers would turn the Address Bar yellow (not e.g. green), as if that was something odd.
On HTTP sites, that would stay the regular white.
So, completely backwards.
-- OriginalOwner_ [soylentnews.org]
(Score: 2) by frojack on Friday February 09, @09:37PM
But Google's actions are way worse. You don't see the site. You get that "take me back to safety" page and have to drill down to find the I want to see it anyway link. A law suit waiting to happen if you ask me.
No, you are mistaken. I've always had this sig.