Google to Publicly Shame Websites that don't use SSL in Chrome

Google to Publicly Shame Websites that don't use SSL in Chrome

In an attempt to make the Internet a safer place for its Chrome browser users, Google is going to start marking websites that receive and transmit sensitive data but don't use SSL encryption as insecure. They're doing this in a move to get more website owners to start using SSL on their site. So you better watch out if your website does receive/send sensitive data but isn't using SSL and start thinking about installing it otherwise it could have a serious effect on your rankings, traffic and business!

No they aren't going to parade you around wearing stocks so you can get rotten tomatoes thrown at you. But they will mark your website as "Non Secure" to any users that visit it in Chrome. But only if they know that website is one that receives/sends sensitive data and isn't using SSL to let users know that their details might not be safe when they use it. So if you're not yet using the HTTPS protocol and you do collect/transmit sensitive data then now is the time to get on and install it on your site!

By implementing SSL on your site, your users data will be encrypted and kept some what safe when entering credit/debit card details, names and addresses etc into your site. And by doing so Google wont label your site as insecure. HTTPS is much more secure than just HTTP and there isn't any performance or speed lost when it's correctly set up and configured so there's no reason really any website that does receive and submit sensitive data should not be using it. It's thought that eventually Google are going to start labeling all websites as insecure if they aren't using SSL regardless to whether they do receive and submit sensitive data or not.Google's Chrome security team member Emily Schechter said on Google’s Online Security Blog that

"Our plan to label HTTP sites more clearly and accurately as non-secure will take place in gradual steps, based on increasingly stringent criteria. Starting January 2017, Chrome 56 will label HTTP pages with password or credit card form fields as ‘not secure,’ given their particularly sensitive nature."

Does SSL Really Make Your Site More Secure?

SSL certificates can offer some protection to the user and their protection is guaranteed by the seal of whatever SSL certificate provider you use. Installing SSL on your site and adding the Trust Guard Security Seal to your site can give your users a little more confidence and also you are covered and protected should their details somehow become intercepted and unencrypted. After all, that's what you pay for!

But having an SSL certificate and using HTTPS on your site can protect transactions they don't protect your site from actually being hacked. To help with that and to prevent it from happening you can use a service like Trust Guard who will scan your site for around 75,500+ known vulnerabilities used by hackers to hack into and access your customers and companies sensitive data that may be stored on your server somewhere. Also it comes with some compensation if you are hacked which again, is what you are paying for should you go that route.

Replacing the Green Tick Icon

Up to now, one way that Google would let Chrome users know if a site is safe to use or not is by relying on user feedback. Safe sites got a green tick to let people know the site was safe and used SSL to encrypt and protect their sensitive data.

But apparently that indicator had not worked very well in the past and doesn't always highlight just how insecure a website is that is not using SSL. Most people don't even understand what the difference between HTTP and HTTPS means and don't look for the padlock icon in the address bar or realize that a site without one isn't a safe site to use to make purchases on using credit/debit card details. This has meant people have been the victim of fraud.

It's because of this that Google are trying to do more to make people realize the dangers and are now explicitly marking sites not secure even if you are visiting that site in an incognito tab. And in future, other later releases of Chrome will extend these non SSL/HTTPS warnings by showing a red triangle to let people know it's not secure and safe to use or working as they should be.

It's much harder for secured HTTPS encrypted connections to be intercepted and unencrypted in comparison to standard HTTP connections. Of course it doesn't offer complete and total protection. In another recent cyber security article this month we saw how SSL encrypted connections can be sniffed, intercepted and unencrypted on the fly by people with the right knowledge and tools and this information is becoming increasingly more available to anyone determined enough to find out how to do it.

What do you think about this move by Google?

Do you think some sites could become unfairly given a red triangle?

Should all websites use HTTPS/SSL even if they don't receive/transmit sensitive data?