Chrome is going to declare half Internet insecure, and its people explain why
It is important to encrypt the data on the Internet so that no one can see them. That is why adoption of HTTPS, which is nothing more than normal HTTP over SSL / TLS, is fundamental . These SSL / TLS or Secure Sockets Layer / Transmission Layer Security are two protocols specially created to send encrypted packets over the network.
Last September, Google announced that from 2017 would begin to be labeled as unsafe some of the pages that did not use HTTPS. Parisa Tabriz, head of Chrome security, explained in an interview on Wired why they have decided to take this direction so aggressively and why it is almost personal.
Google has decided to reverse its strategy of warnings, and instead of only telling when a web is encrypted with HTTPS, it will start to warn when a page does not, and will do so by labeling insecure pages without HTTPS. The prompt will appear in the address bar to make it look good.
The first step will be in January 2017 with the launch of Chrome 56, which will label as unsafe pages that manage passwords or credit cards that do not use HTTPS. Later, warnings will be extended to labels with download pages or those that are in simple HTTP when incognito mode is used.
Making the web look scary
“People say we can not make half the web look scary, because users will be afraid of it,” says Tabriz. “But for us, it’s a problem of trying to be honest with users. Without HTTPS, a user or web service can not have any expectation that anything on a page has not been manipulated or listened to, and that’s crazy.”
For Google it is also a practical matter. To compete with the mobile apps and the permissions that are given to them, Google wants the web pages to be able to deepen the resources of our PCs and obtain sensitive information like the location. “You would not want a man-in-the-middle attack to be able to access those things.”
For Parisa Tabriz the struggle to implement the HTTPS is personal. In 2011 he discovered that governments like his father’s Iranian country were spying on their citizens for false HTTP authentication certificates. “For you, a false certificate means a password or stolen personal information,” he explains. “For me and thousands of other Iranians, this can lead to imprisonment, torture or the death penalty.”
Therefore, with her at the forefront and being aware that in some countries using HTTPS connections can save lives, Google seems to have decided to be aggressive in its strategy . “In our moments of impatience, we just want to mark everything as insecure,” says the head of security. “A large fraction of the web is not HTTPS, and that’s embarrassing for me, and it will not solve itself.”
In the company of the search engine are aware that putting so much pressure to the pages that have not yet made the jump to HTTP will arouse the ire of many. But they hope that this will accelerate their adoption even further.