My Blog

Google's new HTTPS policy

Google's new HTTPS policy

​Yes, Google are implementing a new security policy for their Chrome browser, and the roll-out is beginning next month, so I thought I may as well touch on it briefly as I have been asked quite a few times about it now.

Around a year or so ago, Google announced that they would be introducing a security policy change in their widely used Chrome web browser, that would impact future versions. This would effectively increase security and would be largely beneficial. The announcement stated that eventually any website from the date of the introduction of the policy that had integrated geolocation technology, WebRTC, screen sharing, payment processing, login data, certain types of data collection, and more would now be required to be served from a secure site (HTTPS).

This is widely beneficial, as operating any web applications through HTTPS is best practice anyway, and offers enhanced security. With Google making it a new policy, it should push many websites forward to increasing the security of their users data. At the end of the day, securing a website using TLS/SSL is really not that expensive, nor difficult to accomplish.

HTTPS is the use of SSL (Secure Socket Layer) or TLS (Transport Layer Security) as a sub-layer under the regular HTTP application layering. HTTPS basically encrypts and decrypts user page requests as well as the pages that are returned by the web server. It is designed to protect the integrity and the confidentiality of data as it moves between an end-user computer and a website. It protects personal, and other confidential information, such as login data or credit card details, and it also provides authentication that the website you are looking at is the genuine one.

So what is happening next month?

Next month, Google intend to begin their policy implementation by targeting pages that ask for login data or credit card information. If these websites do not use the secure version of the internet protocol (HTTPS), when a user visits the site, they will be shown a security alert message warning them that the website is 'Not Secure'.

The move in January 2017 is their first step in a long-term plan to mark all HTTP sites, regardless of their content as 'Not Secure', which makes it transparent to all users of the internet, regardless of their technical know-how, that the site may not be safe, which is almost guaranteed to lead to people immediately leaving the site.

This does mean that every person and business that owns or runs a website will have to serve it through HTTPS eventually, but it will be a slow roll-out I am sure, to give plenty of time to implement it, and there have been no actual 'set-in-stone' timescales given by Google so far, apart from the recent announcement of January 2017 for card and login data sites.

I do agree with this move, as I believe it will make a much more secure and trustworthy internet, and eventually you will begin to see every web browser follow suit. It makes a lot of sense!

Time to get your website secured, if you haven't already! Get ahead of the game, and save your search engine rankings from being affected down the line!

Facebook Privacy Settings
Why spending money on advanced cyber security soft...

Related Posts

All Content Copyright © 2017, Nick Seal. All rights reserved.