Digital security vendor DigiCert has warned that the upcoming Google Chrome update could cause chaos for website owners. Starting July 23, all websites that use HTTP rather than HTTPS will be marked as “Not Secure”.
Google notified users back in February via the Chromium Blog of this impending change. It said: “Beginning in July 2018 with the release of Chrome 68, Chrome will mark all HTTP sites as ‘not secure'”.
According to Jeremy Rowley, Chief Product Officer, DigiCert: “The Chrome 68 update will hopefully spur the millions of sites still using HTTP to adopt HTTPS. The data shows that while the web has made tremendous strides toward greater user security, there are still many sites that need to catch up to avoid the ‘Not Secure’ warnings. We urge IT administrators to check the sites they look after and deploy the appropriate TLS certificates.“
Why is DigiCert warning about this?
DigiCert cites a 2018 “Internal Website Security Seal Study”by Ipsos Group S.A. It says that: “87% of internet users will not complete a transaction if they see a browser warning on a web page. While 58 percent of respondents go to a competitor’s website to complete their purchase.”
For many sites, losing that percentage of sales would be business threatening. What is surprising, however, is that sites, especially commercial sites, are still not fully HTTPS. The problem, is that despite the ease of use and low cost of digital certificates, there are still a lot of sites that don’t use HTTPS.
Over the last couple of years there have been several campaigns to alert users to safe shopping online. They all point out the need to check that the connection is secure before entering their payment data. HTTPS encrypts all the traffic between the user and the site. This prevents hackers from hijacking your web traffic and stealing security credentials, credit card numbers or other sensitive data.
This is not just about encryption. Rowley says that: “Besides encryption and authentication of website traffic, digital certificates can boost SEO rankings, reduce bounce rates, and help minimize abandoned shopping carts.“
What does this mean
It takes very little time for a website to add a digital certificate. They can be purchased direct from certificate authorities such as DigiCert or Comodo. In addition, most hosting providers will sell digital certificates and even help with installation.
There is now less than three weeks before Google Chrome 68 goes live. Website owners need to act quickly if they don’t want to lose their userbase.
If we can show that Google’s own DoubleClick advertising content negates any security advantage of HTTPS by allowing untrusted third parties to eavesdrop on client connections, then can we collectively sue Google for all the trillions in wasted time and effort on installing HTTPS throughout the World?