D-Day for HTTP

2018-07-24 [Petri]

Today is the D-Day for Chrome in its attempt to reduce the use of HTTP on websites: any sites that do not use the secure HTTPS protocol will be flagged as "not secure" by the newest version of Chrome.

This change was originally supposed to happen in June, but got delayed by about a month.

Blindly enforcing this kind of change has caused a lot of stir amongst the web administrator community, as there are legitimate reasons for not bothering to go through the hoops of providing the extra layer of security for websites that do not need users to log in and only act as containers for some useful information.

If, for example, you only host copies of some pictures, why would you bother to add transport layer security for their delivery?

Setting up a website that adheres to this requirement is without a doubt a more tedious task than just whipping up a basic HTTP site, but this will be the new reality unless there is a major uproar or something goes horribly wrong due to this new requirement.

As some 55% of the top million sites are still working on HTTP only, there may be some serious repercussions due to this, not least due to the potential of user fatigue when it comes to security warnings: if lots of pointless warnings will be generated due to this, some valid ones may slip through as users just blindly ignore them.

More about the background of this issue, the potential benefits of doing it and a way to install HTTPS on your site for free can be found in my earlier in-depth blog entry.

Permalink: https://bhoew.com/blog/en/31

Show latest Earlier entries

The slow death of live television

2018-07-19 [Petri]

Hedy Lamarr - the unknown heroine of secure communications

2018-07-12 [Petri]

Devuan: Debian without systemd

2018-07-05 [Petri]

The Fixed Wireless Revolution

2018-06-28 [Petri]

New Horizons wakes up for Ultima Thule

2018-06-19 [Petri]

Code Talkers: the safest encryption method of the WW2

2018-06-14 [Petri]

Google Duplex + Lyrebird = even more convincing AI

2018-06-12 [Petri]

Expanding to new areas is hard. Just ask Nokia.

2018-06-05 [Petri]

Iridium Next will become operational this year

2018-05-31 [Petri]

Norway's jump to DAB

2018-05-24 [Petri]

The US net neutrality change is a global threat

2018-05-17 [Petri]

Will Google Duplex open new avenues for scamming?

2018-05-15 [Petri]

Chrome update will make a forced push towards safer networking

2018-05-08 [Petri]

Nokia's most profitable product: iPhone

2018-05-03 [Petri]

Another indirect legacy of the Battle of Tsushima

2018-04-23 [Petri]

eSIM - Embedded SIM card

2018-04-21 [Petri]

Nokia handsets are dead - long live Nokia handsets!

2018-04-14 [Petri]

Final updates sent for typesetting, cover selected

2018-04-09 [Petri]

Sample from Chapter 12

2018-03-23 [Petri]

George's record broken

2018-03-22 [Petri]

Publication date fixed

2018-03-15 [Petri]

The uneven promise of 5G

2018-03-11 [Petri]

Why Florida Keys have a minimum safe altitude of 14,200 feet?

2018-03-10 [Petri]

Freshly roasted coffee is one of the niceties of Brazil

2018-03-10 [Petri]

Images from the Battle of Tsushima

2018-03-07 [Petri]

Django and Bootstrap

2018-01-10 [Petri]