Right, so by now, we’ve all kind of accepted that Google is the overlord and ruler of all things web traffic, correct? That means that when the king speaks, all those who live under his benevolent rule had better pay attention. Changes to how the search giant thinks affect all of us down here, and recently the king has been speaking about HTTPS.
But jokes aside, part of what we do here at Brugel is keep a close eye on the utterances by Google developers, product teams and search engineers. We listen to make sure we can keep our clients’ websites where they should be: in front of as many potential customers as possible.
July 2018 changes
In early February this year, the security product team at Google announced that the Chrome browser will be marking all sites that use of only “HTTP” as “not secure”. This is because Google, as well as a host of other web boffins, believe that the “HTTPS” encryption is far safer for web traffic.
If we want to continue the medieval / overlord metaphor, then we should say HTTP is the equivalent to transporting your precious gold via an unarmed horse. This isn’t a very secure mode of transport as it leaves you vulnerable to attack and theft. HTTPS, on the other hand, puts these valuables in a steel vault so no one can see what you’re transporting.
In more technical terms, HTTPS encryption ensures that all of the data that you send between your own browser and the website you are visiting (which is plenty, even if you’re not filling out any forms) is encrypted from end to end. That means that no one can view any of your passwords, and your identity is safe as no one can pretend to be you and get away with it.
Why does it matter?
As a website owner, you may well be thinking “so what, why does the change matter?”. It matters because according to the latest research, over half of all web browsers use Chrome as their first preference for a browsing application.
The nudge that Chrome will put into all HTTP websites will be a powerful detour away from your website – research shows that most people, when confronted with a “this website is not secure” message, will click away.
This problem is made worse for you if one or more of your competitors have a fully secured HTTPS website that doesn’t push a “not secure” warning onto browsers when they come into contact with it.
What happens now?
According to the current schedule, version 68 of Chrome will be the first to start displaying the new notification in the address bar. At the moment, Chrome simply displays a green tick icon if the website meets their preference for the HTTPS encryption.
As of July 2018 though, a pop-up or similar “not secure” message will appear, along with (presumably) an angry red cross or exclamation mark for non-secure HTTP sites.
Luckily, at Brugel, we’ve come up with a simple, clean fix for our client’s websites. We can work on the “back end” of the site to ensure the encryption is up to scratch, and add an SSL certificate to your website. That will help ensure that browsers who find you are presented with a welcome mat, rather than a detour sign when they click through to your website.
If you’d like to future-proof your website against this change to Chrome, and the dozens of others like it that occur every year, just get in contact with our friendly team and we’ll see how we can help you focus on running your business or organisation, rather than your website!
A secure web is here to stay, https://blog.chromium.org/2018/02/a-secure-web-is-here-to-stay.html, cited 12 Feb 2018