Google Chrome now highlighting "Not Secure" warning for websites that don't have SSL Encryption.
By Example Designs
26th July 2018
What is SSL Encryption?
What is the difference between HTTP and HTTPS?
When a certificate is present and installed correctly, the Hypertext Transfer Protocol (commonly known as HTTP) will change from HTTP to HTTPS. The ‘S’ in HTTPS stands for ‘secure’. When browsing on the internet depending on the browser that you are using (e.g. Chrome, Safari, Internet Explorer), the browser will show a padlock or “Secure” either in the bottom of the window or in the URL bar (where you type a website address) when you visit a website that has an SSL Certificate successfully installed.
What Google is doing to ensure you have a safer internet experience?
As part of Googles efforts to give better customer experience for it’s users by making their browser experience safer, Google have launched an update, Chrome 68 on July 24th 2018 which marks websites with HTTP as “Not Secure”. Prior to this the “Not Secure” warning was hidden behind a security indicator in the URL bar which if you clicked on it would give you details with regards to the sites security measures.
As you can see this message of “Not Secure” has become a lot more predominant or order to help users make informed decisions on what sites it’s safe to send data over.
Google has announced that in September/October with their Chrome 70 release that they will be marking HTTP sites with a red “not secure” warning:
In October’s version of Chrome (70), you’ll see a red “not secure” notifications when you enter data on an HTTP page.
Video courtesy of the Googles Blog – (https://www.blog.google/products/chrome/milestone-chrome-security-marking-http-not-secure/)
“Eventually, our goal is to make it so that the only markings you see in Chrome are when a site is not secure, and the default unmarked state is secure. We will roll this out over time, starting by removing the “Secure” wording in September 2018. And in October 2018, we’ll start showing a red “not secure” warning when users enter data on HTTP pages.”
– Emily Schechter, Chrome Security Product Manager
Google Chromes Influence on the Internet
Google Chrome has a Huge Market Share. They are responsible for almost 60% of all internet usage worldwide with Apples Safari coming in at mear 13.7%.
Statistics and Graph provided by http://gs.statcounter.com/browser-market-share <- note this isn’t a secure website!
With this data its shows that Google is the number one internet browser and the most effective platform for driving the adoption of HTTPS.
How much of the UK's internet traffic is safe and secure?
Using the Google Transparency Report (https://transparencyreport.google.com/https/overview) we can see that a whopping 97% of pages are loaded over HTTPS in Chrome. Go the United Kingdom! But this does mean that there are 3% of website page views that are not secure! This is quite scary number when you consider the trillions of pages view performed each year and the fact that the majority of page views will be on larger businesses sites. If larger business sites (Multi national shopping sites, news sites etc) consume 95% of all internet traffic that means that out of the remaining 5% of internet traffic only 40% of that is secure and 60% is not.
Do you own a website that contributes to the 3% of unsure internet traffic in the UK?
If you contribute to the 3% of website traffic that don’t use an SSL then not only will your website be negatively affected in searches but also you are putting your visitors personal information at risk. As you can see this goes hand in hand with GDPR. If you’re website is not covered with an SSL certificate the traffic on your site is open to be intercepted by a third party and therefore you are creating a GDPR breach.
Googles other tools to ensure you switch to HTTPS
Before Chrome began flagging unencrypted sites, Googles search engine added HTTPS as a ranking signal in 2014. This flagging started as a small measure that affected fewer than 1% of global searches to help push websites towards HTTPS. Google has though indicated that HTTPS will be the difference in ranking between two identical searches. This means that if Joe Bloggs and John Does websites offer the same value in a competitive niche but Joe Bloggs is using an SSL certificate, Joe Bloggs will rank higher.
What does this mean for the future of unsecure websites?
We can see that this is a massive win for the business that wish to protect their visitors data especially with regards to eCommerce sites and other sites that take highly sensitive data such as insurance companies or banking, but on the flip side this may damage a lot of business reputation due to the “Not Secure” warning. Would you want to go on a website that states “Not Secure”?
What can you do to add an SSL certificate to your website?
Adding an SSL Certificate is possible on any website but it is not as simple as a click of a button. As you may already know there are multiple versions of a website, www. and non www. but there are also http://www. and http://non www. Therefore by simply activating an SSL certificate your traffic won’t necessarily go to the https version of your website. God news though, we can help and all of the websites we create are encrypted with an SSL certificate to help protect your visitors as well as ensuring you aren’t marked down in regards to SEO. Contact us to find out how we can help you to add a SSL certificate to your existing website at an affordable price.