Soon, you may notice your computer warning you that the websites you’re used to visiting aren’t secure — that is, if you use the Chrome browser. Starting today, Chrome will slap a “not secure” label on any websites that aren’t using HTTPS. But this doesn’t mean that these websites are any less secure than they were yesterday. Instead, it’s Chrome trying to encourage websites to be more secure by calling out those that only use HTTP.
Just what does that mean? HTTP is short for Hypertext Transfer Protocol, and it has been the way web pages are sent from their server to your computer since the very beginning of the World Wide Web. In those early days, no one was particularly worried about security on ordinary web pages, and HTTP is unencrypted. That means when you visit a website via HTTP, others could intercept what you type or edit what you see. Your internet provider could collect and sell your browsing history to third parties or track you to display ads. It’s already challenging to keep our private information private online, and HTTP makes it even harder.
That’s where HTTPS comes in. The S stands for “secure,” meaning two things: the site you’re seeing is guaranteed to be the site you think you’re seeing and everything you send to or receive from the site is encrypted. That means no one can eavesdrop on your web browsing, and it makes it tougher for hackers (or legitimate businesses) to get your personal information. Though the system isn’t a guarantee that you’re safe from online threats, it’s much more secure than HTTP. We at Techlicious use it for our website (see below).
Plenty of websites already use HTTPS. If you do online shopping or banking, you’ve almost certainly noticed a lock icon in your browser toolbar indicating you’re on a secure site, where it’s safe to type passwords and other personal information. However, some more mundane websites — like the BBC and ESPN — don’t bother with this kind of security. That makes it much easier for eavesdroppers who want to know exactly what you’re up to online. Now Chrome will simply be calling attention to that fact. Until your browser gets the update (or if you use Safari, Edge or Firefox), you’ll be able to tell by the fact that there is an “i” button next to the URL (see ESPN site below).
It’s part of an attempt to make HTTPS the standard way to browse the web. All connections should be secure, so instead of specifically calling out HTTPS as secure, Chrome will point out when you’re using an unsecured HTTP connection. As of today (or when Chrome updates on your computer), Chrome shows a “not secure” warning in the address bar when you visit a site that only uses HTTP. In the future, it will also stop specifically noting HTTPS websites as secure — because secure, encrypted websites should be the norm.
So what should you do if you get a warning that the website you’re visiting isn’t secure? First, you shouldn’t enter any sensitive information — you only want to provide personal information over an encrypted HTTPS connection, which is indicated in most browsers with a lock icon by the address. Some websites will use standard HTTP if you don’t specifically ask for a secure connection, but you can often force sites to use HTTPS by simply changing “http” to “https” in the address bar. You can also download the HTTPS Everywhere extension for Chrome or Firefox, which will request secure pages from any website that offers them.
But even though Chrome is trying to keep us safe online, in the end, it’s up to us to safeguard our personal information. Always look for the lock icon that indicates a secure connection, and never give out private information.
[Image credit: HTTP and HTTPs concept via BigStockPhoto]