SoylentNews is people
SoylentNews
posted by
cmn32480
on Sunday September 11 2016, @05:48PM
from the there's-gotta-be-a-downside-to-this dept.
from the there's-gotta-be-a-downside-to-this dept.
According to a post on the Google Online Security Blog, beginning in January 2017 Google Chrome will begin flagging all sites that use traditional HTTP rather than HTTPS for passwords or other sensitive information as "insecure". It also indicates that Google plans to eventually start flagging ALL traditional HTTP-only sites as "insecure". While HTTPS has always made sense for truly sensitive information, a pure HTTPS web does have implications for legacy tools - essentially if anyone is not using the absolute latest of one of the "big three" web browsers, they will always potentially be just one security update away from being locked out of the web.
This discussion has been archived.
No new comments can be posted.
Google to Start Punishing HTTP-Only Sites
|
Log In/Create an Account
| Top
| 63 comments
| Search Discussion
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
squatcho, n.:
The button at the top of a baseball cap.
-- "Sniglets", Rich Hall & Friends
(Score: 2) by theluggage on Tuesday September 13 2016, @04:13PM
If rolled out after the vast majority of sites are already HTTPS, I could see it not contributing to the effect you're worried about.
That last 20% of http sites is gonna take a long time to shift. - run by people in their copious free time, on zero budget, with hosting companies that aren't falling over themselves to add Lets Encrypt support to make it click & drool (no, that's not always essential, but it makes it much easier, especially with Let's Encrypt's short-lived certs).