The 24th of July was a big day for Chrome users – and probably a crazy busy day for server and website owners everywhere: Google began shipping Chrome 68 which flags all sites served over HTTP as being “not secure”. Pages that do not use the https protocol will be shown like below from now on:
If you are wondering: This is a good thing since it will make surfing more secure for everyone. Sadly a lot of the world’s biggest websites are not on board yet.
The Hyper Text Transfer Protocol Secure (HTTPS) is basically the secure version of HTTP which most people use as the protocol over which data is being sent between your browser and the website that you are trying to visit. As you may have guessed by now, the S at the end of HTTPS stands for Secure, which means the communication between your browser and the website is encrypted.
Most people are already encountering the protocol while browsing without really noticing it. Many sites (especially shops and banks) supported HTTPS in the past already and more pages will most likely start now.
HTTP is not very secure. All communications with HTTP are sent in plain text and could theoretically be read by anyone who manages to break into the connection between your browser and the site you are visiting. HTTPS on the other hand makes things a lot more secure. It prevents others from reading the data packets running between your browser and the server. That includes banking credentials like credit card numbers, your passwords, usernames … you name it.
In the end HTTPS makes everything more secure for everyone – and since you can get it basically for free nowadays, there is really no reason not to use it.
Nonetheless not every page is on board. While this can be expected from smaller pages like blogs and other private sites, there are some huge pages who have not yet switched over to the secure protocol. Whynohttps lists the 100 websites that do not use HTTPS yet – and according to the page they represent 20% of the world’s largest 502 websites.
The list includes: Baidu.com, wikia.com, bbc.com, dailymail.co.uk, spn.com, alibaba.com, foxnews.com, speedtest.net, ign.com, 4chan.org, and many more. Take a look at the list yourself to see if your favorite website is on it.
This post first appeared on the Avira Blog