Even though the warnings from InfoSec experts have been extensive and frequent, some users still insist on utilizing HTTP over HTTPS. The fact that HTTPS is now the standard, and as such its cost is low and ease-of-access is high, there is no excuse for using HTTP anymore. Many companies with major browsers, such as Google, have made the effort to discourage the usage of HTTP pages. Flagging HTTP sites that require passwords or credit cards as nonsecure was just phase 1 of Google’s plan.
This was alluded to in previous updates from the company, but until now we had no real knowledge of what Google would do next to eventually move away from HTTP. In a blog post written by
The first update with regards to data entry is rather obvious. Aspoints out, “any type of data that users type into websites should not be accessible to others.” Without the encryption found in HTTPS communication, this data is exposed by any hacker monitoring users that submit such information via HTTP.
The second component to the Chrome 62 update applies to Incognito mode because of a lack of understanding about the mode. There is a misconception that somehow there is a greater element of privacy in Incognito mode regardless of pages visited. This is far from the truth as HTTP communication is not hidden from other parties on the same network. If a hacker has penetrated the network you are using, Incognito mode will not stop man-in-the-middle attacks from occurring over HTTP traffic.
It will be a while before this update is applied, but the ultimate goal of zero HTTP usage will be closer upon the release of Chrome 62. The goal will not yet be completed, however, as Google says it plans to show the “not secure warning” for all HTTP pages, even outside of Incognito mode.
Photo credit: Wikimedia