It’s been rumored for a while that Chrome would start warning users about sites that weren’t encrypted. Well, now we have an actual launch version. Chrome 56, comes out in January. Starting with this version Chrome will mark sites without a Secure Sockets Layer (SSL) certificate as “not secure.” Future plans include adding a red triangle symbol as well.
What is SSL?
Secure Sockets Layer (SSL) is a technology for creating an encrypted link between browsers and web servers that requires a key to decipher. Creating such a link is invisible to most users. but involves encoding organizational and server information of a website in a public and private key. The public key creates the certificate for the server. The private key connects the certificate to the server. There are many types of SSL certificates from the simple single site ones, to business verified, to wild cards. Each certificate type has its own pricing, which varies between certificate issuers. Like most things in the information technology industry there are first-line companies and resellers.
I’m a normal user, so…
We all should expect to see a little lock or other security indicators when we exchange financial or personal information with a website. This new warning system takes that one step further by targeting all sites, even if they only display information with little or no user interaction. The change will circumvent the inherent vulnerability of unencrypted web traffic. Not only can it be monitored, but nefarious entities can use the open data stream to inject malware, spyware, and other bad stuff into computers via something as simple and innocent as a cat video.
I’m a website owner / blogger, so…
All major blog platforms (Blogspot, Medium, and WordPress) have taken care of their end users. If you are a website owner, you can obtain and install a certificate from your domain registrar or web host. Or if you don’t want to pay the annual fee, put your site on a Content Delivery Network (CDN). Both Cloudflare and Cloudfront offer free SSL to their users. Check their websites for details.