Most Internet traffic today is unencrypted. This is because security certificates are not free and can be expensive. They can be $70 per year, which makes them a little out of range for smaller sites. It is also not an essential part of a site that only provides information and never collects it. For example, looking at the sites I have open right now, Electronic Arts, VentureBeat, PC World and SlashGear all run in standard HTTP.
Google is trying to make HTTP a scary term, giving Chrome users the ability to turn on a feature that will add a red X to the address bar for sites that are not encrypted. Fortunately for smaller sites, this is a "feature" that is off by default and must be turned on manually by the user. That means that the people who will see it are people who are people who know what it means and want to be alarmed.
That is not to say that it will always be this way. Google has been an advocate for SSL, even if there is no sensitive data being transferred, for years. While they claim to not want to be too heavy-handed, this move appears to be the begging of bringing down the heaviest of hands. If they change their mind and turn this feature on by default, webmasters will be in trouble and users will be scared by nonsense.
A Google employee told Motherboard that the goal is to turn this feature on "someday, hopefully," a move that will likely alarm a lot of Internet users who are not aware of Google's redefining the icon in their browser (which currently indicates that the security certificate is flawed).
Be the first to comment!