SEOClerks

Google to Publicly Shame Websites that don't use SSL in Chrome



Enter a reason for deleting this comment

Google to Publicly Shame Websites that don't use SSL in Chrome

In an attempt to make the Internet a safer place for its Chrome browser users, Google is going to start marking websites that receive and transmit sensitive data but don't use SSL encryption as insecure. They're doing this in a move to get more website owners to start using SSL on their site. So you better watch out if your website does receive/send sensitive data but isn't using SSL and start thinking about installing it otherwise it could have a serious effect on your rankings, traffic and business!

No they aren't going to parade you around wearing stocks so you can get rotten tomatoes thrown at you. But they will mark your website as "Non Secure" to any users that visit it in Chrome. But only if they know that website is one that receives/sends sensitive data and isn't using SSL to let users know that their details might not be safe when they use it. So if you're not yet using the HTTPS protocol and you do collect/transmit sensitive data then now is the time to get on and install it on your site!
Google to Publicly Shame Websites that don
By implementing SSL on your site, your users data will be encrypted and kept some what safe when entering credit/debit card details, names and addresses etc into your site. And by doing so Google wont label your site as insecure. HTTPS is much more secure than just HTTP and there isn't any performance or speed lost when it's correctly set up and configured so there's no reason really any website that does receive and submit sensitive data should not be using it. It's thought that eventually Google are going to start labeling all websites as insecure if they aren't using SSL regardless to whether they do receive and submit sensitive data or not.Google's Chrome security team member Emily Schechter said on Google’s Online Security Blog that

"Our plan to label HTTP sites more clearly and accurately as non-secure will take place in gradual steps, based on increasingly stringent criteria. Starting January 2017, Chrome 56 will label HTTP pages with password or credit card form fields as ‘not secure,’ given their particularly sensitive nature."

Does SSL Really Make Your Site More Secure?

SSL certificates can offer some protection to the user and their protection is guaranteed by the seal of whatever SSL certificate provider you use. Installing SSL on your site and adding the Trust Guard Security Seal to your site can give your users a little more confidence and also you are covered and protected should their details somehow become intercepted and unencrypted. After all, that's what you pay for!

But having an SSL certificate and using HTTPS on your site can protect transactions they don't protect your site from actually being hacked. To help with that and to prevent it from happening you can use a service like Trust Guard who will scan your site for around 75,500+ known vulnerabilities used by hackers to hack into and access your customers and companies sensitive data that may be stored on your server somewhere. Also it comes with some compensation if you are hacked which again, is what you are paying for should you go that route.

Replacing the Green Tick Icon

Up to now, one way that Google would let Chrome users know if a site is safe to use or not is by relying on user feedback. Safe sites got a green tick to let people know the site was safe and used SSL to encrypt and protect their sensitive data.
Google to Publicly Shame Websites that don
But apparently that indicator had not worked very well in the past and doesn't always highlight just how insecure a website is that is not using SSL. Most people don't even understand what the difference between HTTP and HTTPS means and don't look for the padlock icon in the address bar or realize that a site without one isn't a safe site to use to make purchases on using credit/debit card details. This has meant people have been the victim of fraud.

It's because of this that Google are trying to do more to make people realize the dangers and are now explicitly marking sites not secure even if you are visiting that site in an incognito tab. And in future, other later releases of Chrome will extend these non SSL/HTTPS warnings by showing a red triangle to let people know it's not secure and safe to use or working as they should be.

It's much harder for secured HTTPS encrypted connections to be intercepted and unencrypted in comparison to standard HTTP connections. Of course it doesn't offer complete and total protection. In another recent cyber security article this month we saw how SSL encrypted connections can be sniffed, intercepted and unencrypted on the fly by people with the right knowledge and tools and this information is becoming increasingly more available to anyone determined enough to find out how to do it.

What do you think about this move by Google?

Do you think some sites could become unfairly given a red triangle?

Should all websites use HTTPS/SSL even if they don't receive/transmit sensitive data?

Comments

Please login or sign up to leave a comment

Join
Everett

Mozilla Firefox sometimes doesn't let you even view the website if they don't have a correctly configured SSL Certificate. Also, you can add an exception with Mozilla Firefox, which probably is not safe, but one way to bypass their warning. With Google Chrome, I would be pretty annoyed if they were to say that my website isn't secure. I mean how exactly would they know if my website wasn't secure even though I don't make use of the SSL Certificates because the cost for them is outrageous! If there was a supplier that offered SSL Certificates for a cheap price, than yes I would probably buy one, but the issue is, most of them are expensive, like over $20, last time I checked. Probably there is a sales for them, but I always seem to always miss the sales that are going on. Another thing is, you have to renew them each year I believe and if you already have a $10 domain, plus an SSL Certificate that is an easy $30 per year. Yeah, I don't like to pay that much for a website domain, and an SSL certificate. If there was a bundle for about $15 for both yes I would pay it, gladly. Google don't shame me please, that's rude!




Are you sure you want to delete this post?

Lynne

Yes I've encountered this before Everett where I could not view websites that appeared unsafe. I found it really annoying because there were some websites I just couldn't access Google to Publicly Shame Websites that don




Are you sure you want to delete this post?

procoder

Well it seems that Google is trying to make the web more secure for its users, now talking honestly this it's not good or bad because everything has its cons and pros... So they want to label http sites as unsecure , and https as secure sites, just because the site is being served over https connection it does not mean that the site is safe and is providing a safe content to users, for example, if a website is a "ghost" page that is trying to scam people it will scam people with or without having ssl certificate installed on the server.

Furthermore this update will make things even more worse than they are, because marking a website as secure while it could be a malware page using https it's not something that will help people or protect them. Making people feel safe , and protecting them are two different things.

Now I'm not saying that SSL shouldn't be installed, because most of hosting companies are offering it for free if you purchase a hosting plan or an other package from their service, also it can be installed very easy and it can be done by anyone.


The only thing that I know is that this update will cause a lot of problems to some sites, specially if they are using many http sources.However, switching them to https it's not that hard and at least they have 3 months to do that.




Are you sure you want to delete this post?

Lynne

Wow, this is a big move for sure. I guess though that this will make everything a lot more secure and safe for online buyers. I know for my personally I get a little nervous whipping out my credit card to buy things online.

I'll be honest I didn't know that was what https meant LOL. So yes I am learning something new on this website every single day!

How will this impact backlinks to your website if the backlink is to http and then you change to https? Will people still find their way to the website?

How does this impact websites that use Paypal and not debit and credit cards?

Surely this won't impact my blogs in any way since I don't receive payments on my websites right?

I have just bought a new domain and I am wanting to put up a classifieds website on that domain soon, well maybe next year... like when I find the time! I was wanting to accept payments via Paypal. so should I get an SSL certificate for that site?




Are you sure you want to delete this post?

Cristian

Jesus that is a big move from Google! It will affect a lot of website and online store since people are so sensitive about seeing "not secured" on a website.
I do believe everyone should switch to HTTPS, especially online store, it's just a MUST from every point of view, including ranking well in Google. But actually, shaming a simple content based blog is taking things a bit too far in my opinion.

So there you have it, go on and buy a SSL even if you have a content-based blog, it will save you a lot of trouble the following years.




Are you sure you want to delete this post?

idealmike

Yeah, well it's not really shaming in the sense that they are pointing a finger to you and down talking you for doing something wrong or publicly flagging you in the stocks like they used to in Medieval times haha but I agree with you it does seem overkill to mark a site with a red triangle simply because it doesn't use SSL. But then on the other side of the coin, you have to ask, if that site is receiving/submitting sensitive data like names, addresses, payment details etc then why isn't it using SSL when it's so important to protect your users. But like also, where do they draw the line you know? How do they know whether a site receives/transmits data like that or not? What about a simple contact form like so many sites have. Should that site have SSL? Should it be marked with a red triangle if it doesn't? So yeah it's a bold, brash move kinda like putting your opponent in check in chess and forcing them to move or accept the next move will be your queen. But hey if it makes the web a safer place then perhaps it's the way forward today anyway?




Are you sure you want to delete this post?

overcast

I have used Let's encrypt on my website. And though it should show the full SSL. But the case is that some of the SSL features are not fullly activated. And chrome complains about that in the URL bar. So i am just wondering what are some things that we are forced to do in such case to make use of the SSL. WordPress based sites can easily make use of the SSL but requires some tweaking.




Are you sure you want to delete this post?

vinaya

If that happens it will take a toll on my websites. I have half a dozen websites running and none of them uses SSL certificates. Since I am just starting out, having certificates will be a financial burden. Therefore, I have not considered using SSL. By the way I hear that you can also get free SSL. However, I am yet to try this.




Are you sure you want to delete this post?

Corzhens

Pardon me if I didn’t fully understand what an SSL is. But I sometimes have an issue with the Chrome browser when it wouldn’t open a site by saying cannot find a secure connection or something like that. What I would do is to run Firefox for that website and more often than not, I could open that website. That’s why I have a backup browser in Firefox. It will let me know if the problem is the website itself or just the browser.




Are you sure you want to delete this post?