djbaxter

True to their word, Google today released version 68 of their Chrome Browser and, as promised, they have changed the way they warn users about potential issues with web sites.

In previous versions, Chrome (and Firefox and most other browsers) alerted users to sites that were not using SSL with a red padlock next to the URL, and sites with mixed content displayed an orange padlock.

Starting with version 68, Chrome now uses a stronger warning system. If you haven't yet converted your site to HTTPS / SSL, now is the time to give it serious consideration. You should also check that your site correctly redirects from HTTP to HTTPS in case anyone enters just the domain name into the browser.

On their Google Chrome Help page, Check if a site's connection is secure, they preview what this now looks like to users:

Check if a site's connection is secure

To see whether a website is safe to visit, you can check for security info about the site. Chrome will alert you if you can’t visit the site safely or privately.

  1. In Chrome, open a page.
  2. To check a site's security, to the left of the web address, look at the security status:
    • Secure
    • Info or Not secure
    • Not secure or Dangerous
  3. To see the site's details and permissions, select the icon. You'll see a summary of how private Chrome thinks the connection is.

What each security symbol means

These symbols let you know how safe it is to visit and use a site. They tell you if a site has a security certificate, if Chrome trusts that certificate, and if Chrome has a private connection with a site.

Secure

Information you send or get through the site is private.

Even if you see this icon, always be careful when sharing private information. Look at the address bar to make sure you're on the site you want to visit.


Info or Not secure
The site isn't using a private connection. Someone might be able to see or change the information you send or get through this site.

On some sites, you can visit a more secure version of the page:

  1. Select the address bar.
  2. Delete http://, and enter https:// instead.

If that doesn't work, contact the site owner to ask that they secure the site and your data with HTTPS.


Not secure or Dangerous
We suggest you don't enter any private or personal information on this page. If possible, don't use the site.

Not secure:
Proceed with caution. Something is severely wrong with the privacy of this site’s connection. Someone might be able to see the information you send or get through this site.

You might see a "Login not secure" or "Payment not secure" message.

Dangerous:
Avoid this site. If you see a full-page red warning screen, the site has been flagged as unsafe by Safe Browsing. Using the site will likely put your private information at risk.
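
One way to run the redirect check recommended in the post above, added here as an example and not part of the original thread: it follows the redirect chain from an http:// address one hop at a time and reports where the chain fails to reach HTTPS, and it goes slightly further than the post by also flagging temporary redirects. The function names and the `*.example` hosts with their canned responses are constructed for illustration.

```python
import http.client
from urllib.parse import urljoin, urlsplit

REDIRECTS = {301, 302, 303, 307, 308}
PERMANENT = {301, 308}

def fetch_hop(url, timeout=5):
    """Live fetcher: one HEAD request, redirects not followed."""
    parts = urlsplit(url)
    cls = (http.client.HTTPSConnection if parts.scheme == "https"
           else http.client.HTTPConnection)
    conn = cls(parts.netloc, timeout=timeout)
    try:
        conn.request("HEAD", parts.path or "/")
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()

def audit_redirect(start_url, fetch=fetch_hop, max_hops=5):
    """Walk the redirect chain hop by hop and list HTTPS problems."""
    issues, hops, url = [], [start_url], start_url
    for _ in range(max_hops):
        status, location = fetch(url)
        if status not in REDIRECTS or not location:
            break                          # reached the final response
        nxt = urljoin(url, location)       # Location may be relative
        if status not in PERMANENT:
            issues.append(f"{url}: temporary redirect ({status})")
        if urlsplit(nxt).scheme != "https":
            issues.append(f"{url}: redirects to non-HTTPS {nxt}")
        if nxt in hops:
            issues.append(f"{url}: redirect loop")
            break
        hops.append(nxt)
        url = nxt
    else:
        issues.append("too many redirects")
    if urlsplit(url).scheme != "https":
        issues.append(f"final URL {url} is not HTTPS")
    return {"final": url, "hops": hops, "issues": issues}

# Constructed sample responses (not real sites): URL -> (status, Location)
SAMPLE = {
    "http://good.example/": (301, "https://good.example/"),
    "https://good.example/": (200, None),
    "http://plain.example/": (200, None),
    "http://chain.example/": (302, "http://www.chain.example/"),
    "http://www.chain.example/": (301, "https://www.chain.example/"),
    "https://www.chain.example/": (200, None),
}

def sample_fetch(url):
    return SAMPLE[url]
```

Calling `audit_redirect("http://your-domain/")` with the default fetcher runs the same checks against a live site; an empty `issues` list means the bare http:// address ends on HTTPS through permanent redirects only.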

 
Dave Winer is one person who has made a point of NOT converting to SSL.

From his blog, Scripting News, yesterday, he explains:

Apparently tomorrow is the day Google will start flagging sites that use HTTP, the standard web protocol, as "not secure." Curious to see how people react. BTW, this link has auto-playing video. It may be "secure" but it's also obnoxious. This blog and all my other sites use HTTP. I don't see that changing. I expect this will make writing for the web more of a chore. That's life I guess. I don't want Google to be able to mold the web to its needs. I never signed on to being a Google developer, and never would. Basic rule: Google is a guest on the web, as we all are, and guests don't make the rules.

Here's what that site looks like today in Firefox:

Firefox-Not-Secure.png

And here's what it looks like in Chrome:

Google-Chrome-Not-Secure.jpg

Not a huge difference for this site but still noticeable.

 
Thanks for sharing! We were thinking that the notification would be binary. We always recommend SSL but I think this is a helpful distinction for people who use sites that have honest reasons not to use HTTPS.
 
I think this is a helpful distinction for people who use sites that have honest reasons not to use HTTPS.

But what really are those reasons not to use HTTPS?

I get that Dave Winer is doing this as a protest against Google, a kind of adolescent rebellion against Dad and because he believes Google Search and Facebook and other social media sites are taking the place of newspapers and putting journalists out of work. I think that's misguided, personally. Yes, news today is seen more online or on television than in print media, but that doesn't reduce the need for writers and reporters. If journalists are losing their jobs, they need to be protesting against the large news conglomerates that have bought out pretty much all of the local newspapers. Railing against technology won't help.

I don't always like or agree with what Google does either but I honestly don't see a negative to the move to HTTPS, especially now that free SSL certificates are widely available through cPanel and Let's Encrypt.
 
We often come across Mom and Pop shops who didn't grow up with the internet and haven't stuck with digital marketing over the years. While everyone should be doing their best to stay current with best practices I don't believe that folks who aren't able to keep up should be slapped with the "dangerous site" warning.

I completely agree that sites should be secure but as with almost any SEO recommendation to the client we have been presented with legitimate reasons why a site should stay at http, even if it's just temporarily.
 