Google Chrome is about to warn you even more about insecure sites – Yahoo Finance

Later this month, your Chrome browser may make you more nervous online. But you should consider that a feature, not a bug.

Unfortunately, other browsers aren’t as proactive about the security of the link between your screen and a site, even if they do better at protecting other aspects of your privacy.

Snooping alert

The next release of Google’s (GOOG, GOOGL) browser ships on Oct. 17 for Mac/Windows/Linux, and the update for Chrome OS comes a week later. When that happens, you’ll see a “Not secure” warning in the browser’s address bar in two common scenarios.

The first will occur when you start to enter any data on a site that doesn’t encrypt your connection — meaning that it doesn’t scramble the data flowing between it and a browser, leaving outsiders free to see everything you do.

This extends a protection Google added in January, which threw the “Not secure” flag on pages that accepted passwords or credit-card data without encryption. Now typing anything at all will raise Chrome’s hackles.

Chrome, which held a 54.89% share of the worldwide browser market in August, according to StatCounter, will also alert you if you activate Incognito mode and visit an unencrypted site.

Future versions will get even more stringent and show the same warning for any site lacking encryption — but in an attention-getting shade of red.

Abbreviated awareness

Techies have been able to tell a site encrypts a connection by looking for a lock icon in the browser’s address bar, along with an “https” prefix to a site’s address instead of the usual “http.”

Non-techies, however, have struggled with the concept. A survey released in March by the Pew Research Center found that only 33% of Americans knew what “https” in a site address meant.

By calling out the consequence of the lack of encryption instead of asking users to know “crypto” jargon, Google’s should help improve people’s understanding of the concept.

Chrome’s competitors, meanwhile, remain much less militant about flagging unencrypted connections.

Apple’s (AAPL) Safari, the second-most popular browser, doesn’t offer alerts about unencrypted connections and has been more tolerant of older methods of encryption. In particular, that browser only stopped supporting an obsolete form of site encryption called “SHA-1” earlier this year — some two years after Google began warning users about it.

You can’t say Apple doesn’t worry about privacy, though. Safari 11, part of the new macOS High Sierra release and available as a separate download for some older versions, incorporates an “Intelligent Tracking Protection” feature that stops many advertisers from tracking your activity across different sites.

(Online advertisers are predictably unamused.)

Microsoft’s (MSFT) Edge also trails Chrome in this aspect and didn’t yank SHA-1 support until this spring.

An increasingly common defense

Fortunately, Google’s warnings are also becoming less necessary as more sites adopt encryption. What was once a scarce form of security has become a mainstream ingredient.

Google’s stats show that as of Sept. 23, 63% of pages loaded in Chrome’s Windows version came encrypted, while 74% of pages loaded in Chrome for Mac arrived encrypted. About two and a half years ago, those shares were at 39% and 43%.

Data collected by the Mozilla Firefox browser show encryption rising from 38% of pages in October 2015 to 61% as of Sept. 27. You can credit both pressure from security experts and efforts to make encryption easier and free. One initiative alone, Let’s Encrypt, issued its 100 millionth encryption certificate in June.

Comments

Write a Reply or Comment:

Your email address will not be published.*