Tech Google Chrome Browser to Warn Users of Sites That Don't Use HTTPS - GoFuckYourself.com

MrGusMuller · 12-23-2014, 06:25 AM

Google hopes that the warnings it sends to Chrome browser users will encourage websites to move to the secure HTTP protocol.

Google plans to introduce a warning system to alert users about potential security risks when they visit websites that do not use the HTTPS protocol.

Starting in 2015, users of Google?s Chrome browser who visit an HTTP site will receive an alert that the site may not be fully secure. Initial alerts will simply mark a non-HTTPS site as having ?Dubious? security but at a future date, Chrome will start labeling such sites as ?Non-secure."

Google Chrome Browser to Warn Users of Sites That Don't Use HTTPS

=====

Marking HTTP As Non-Secure
Proposal

We, the Chrome Security Team, propose that user agents (UAs) gradually change their UX to display non-secure origins as affirmatively non-secure. We intend to devise and begin deploying a transition plan for Chrome in 2015.

The goal of this proposal is to more clearly display to users that HTTP provides no data security.

Request

We?d like to hear everyone?s thoughts on this proposal, and to discuss with the web community about how different transition plans might serve users.

Background

We all need data communication on the web to be secure (private, authenticated, untampered). When there is no data security, the UA should explicitly display that, so users can make informed decisions about how to interact with an origin.

Roughly speaking, there are three basic transport layer security states for web origins:

Secure (valid HTTPS, other origins like (*, localhost, *));
Dubious (valid HTTPS but with mixed passive resources, valid HTTPS with minor TLS errors); and
Non-secure (broken HTTPS, HTTP).

Marking HTTP As Non-Secure - The Chromium Projects

hadden · 12-23-2014, 06:30 AM

Google is what's dubious.

klinton · 12-23-2014, 06:50 AM

anyone who is using google chrome is crazy............

TeenCat · 12-23-2014, 06:57 AM

Quote:

Originally Posted by klinton

google is crazy............

shorted that for you

hadden · 12-23-2014, 07:00 AM

Quote:

Originally Posted by klinton

anyone who is using google chrome is crazy............

I am still using it from a few years back testing the disagreement in standardization between Mozilla and Safari. Fun times. Fuck google and apple.

freecartoonporn · 12-23-2014, 09:32 AM

already tried to set https, its kinda difficult.

but gotta go with flow.

if anyone cant afford the ssl cert, just use cloudflare and set all yours internal links to https and force users to https.

seeandsee · 12-23-2014, 09:34 AM

chrome is ram monster now days for me, ff much faster

klinton · 12-23-2014, 10:16 AM

Quote:

Originally Posted by hadden

I am still using it from a few years back testing the disagreement in standardization between Mozilla and Safari. Fun times. Fuck google and apple.

Fire it up Fox ! mozilla forever

Barry-xlovecam · 12-23-2014, 10:56 AM

TLS, no problemo really ...

12-23-2014, 06:25 AM	#1
MrGusMuller Confirmed User Industry Role: Join Date: Oct 2010 Location: Portugal Posts: 1,262	Google Chrome Browser to Warn Users of Sites That Don't Use HTTPS Google hopes that the warnings it sends to Chrome browser users will encourage websites to move to the secure HTTP protocol. Google plans to introduce a warning system to alert users about potential security risks when they visit websites that do not use the HTTPS protocol. Starting in 2015, users of Google?s Chrome browser who visit an HTTP site will receive an alert that the site may not be fully secure. Initial alerts will simply mark a non-HTTPS site as having ?Dubious? security but at a future date, Chrome will start labeling such sites as ?Non-secure." Google Chrome Browser to Warn Users of Sites That Don't Use HTTPS ===== Marking HTTP As Non-Secure Proposal We, the Chrome Security Team, propose that user agents (UAs) gradually change their UX to display non-secure origins as affirmatively non-secure. We intend to devise and begin deploying a transition plan for Chrome in 2015. The goal of this proposal is to more clearly display to users that HTTP provides no data security. Request We?d like to hear everyone?s thoughts on this proposal, and to discuss with the web community about how different transition plans might serve users. Background We all need data communication on the web to be secure (private, authenticated, untampered). When there is no data security, the UA should explicitly display that, so users can make informed decisions about how to interact with an origin. Roughly speaking, there are three basic transport layer security states for web origins: Secure (valid HTTPS, other origins like (, localhost, )); Dubious (valid HTTPS but with mixed passive resources, valid HTTPS with minor TLS errors); and Non-secure (broken HTTPS, HTTP). Marking HTTP As Non-Secure - The Chromium Projects __________________ StagCMS - Adult CMS - user friendly adult content management system - speed up your websites with no SQL connections ICQ: 632343*113

12-23-2014, 09:32 AM	#6
freecartoonporn Confirmed User Industry Role: Join Date: Jan 2012 Location: NC Posts: 7,683	already tried to set https, its kinda difficult. but gotta go with flow. if anyone cant afford the ssl cert, just use cloudflare and set all yours internal links to https and force users to https. __________________ SSD Cloud Server, VPS Server, Simple Cloud Hosting \| DigitalOcean

12-23-2014, 09:34 AM	#7
seeandsee Check SIG! Industry Role: Join Date: Mar 2006 Location: Europe (Skype: gojkoas) Posts: 50,945	chrome is ram monster now days for me, ff much faster __________________ BUY MY SIG - 50$/Year Contact here

12-23-2014, 06:30 AM	#2
hadden So Fucking Banned Join Date: Aug 2006 Posts: 1,440	Google is what's dubious.

12-23-2014, 06:50 AM	#3
klinton So Fucking Banned Industry Role: Join Date: Apr 2003 Location: online Posts: 8,766	anyone who is using google chrome is crazy............

12-23-2014, 10:56 AM	#9
Barry-xlovecam It's 42 Industry Role: Join Date: Jun 2010 Location: Global Posts: 18,083	TLS, no problemo really ...