Published: 11 October 2018
Filed Under:

Chrome browser flags popular sites as ‘not secure’

Published by the BBC on 24 July 2018.

Updated on 11 September 2023

Security warnings will pop up on the Daily Mail website today if visitors are using the latest version of Google’s Chrome browser.

Today, security warnings will pop up on the Daily Mail website and many others for visitors using Google’s latest Chrome browser. These alerts underscore a significant concern: these websites lack HTTPS, the secure version of the web’s data transfer protocol. While many websites have made the shift to HTTPS to safeguard visitors from data theft and hijacking, about 20% of the world’s top 500 websites still rely on the less secure HTTP protocol.

Understanding HTTP and HTTPS: Navigating the Web’s Data Transfer Protocol

HTTP, or HyperText Transfer Protocol, serves as the foundation of web data transfer. The crucial distinction lies in the “S” in HTTPS, signifying “Secure” and guaranteeing data encryption before traversing the web. Unfortunately, several prominent UK websites, including Sky Sports, Argos, and Boohoo, have yet to embrace this essential security measure.

Why Are Sites Deemed Insecure?

The label “Not secure” is applied to sites failing to encrypt data during transmission. Security researcher Troy Hunt’s statistics reveal that over half of the web’s top one million sites have not yet made the transition to HTTPS. To shed light on this issue, Mr. Hunt initiated “WhyNoHTTPS?”—a comprehensive list of the world’s most popular websites still using HTTP, based on statistics from British security researcher Scott Helme. Topping the UK list is the Daily Mail, the busiest site lacking this protective measure. Other notable entries include Tencent QQ, Roblox, and ESPN.

Google’s Role in HTTPS Adoption: Leading the Way in Web Browser Security

The day has come as Google updates Chrome to version 68, flagging HTTP-only sites with warning icons. This initiative began in early 2017 when Google initially warned users about HTTP sites, primarily those collecting sensitive information like passwords or credit cards. Firefox and Safari quickly followed suit with similar security systems. Now, Chrome, the pioneering web browser company, flags all sites that have not made the transition to HTTPS, setting a precedent for other major browser companies.

Advocating for a Secure Web: Supporting Web Browsing Safety

Governments and security organizations worldwide advocate for HTTPS adoption, recognizing the critical role it plays in enhancing web browsing security. The UK’s National Cyber Security Centre recently issued advice, emphasizing that all websites should use HTTPS. Additionally, the Let’s Encrypt project aims to simplify HTTPS adoption for small websites by offering user-friendly guides and tools.

Assessing Data Security Risks: Evaluating Web Browsing Vulnerabilities

Data transmitted via HTTP is essentially broadcast across the web, leaving it vulnerable to interception, data theft, or the insertion of malicious code and adverts by cyber criminals. While the extent of exploitation remains uncertain, successful campaigns have utilized such techniques. However, there is no indication that sites using only HTTP are specifically targeted for attacks on insecure data.

Is Your Data at Risk? Web Browsing in a Secure Environment

Security experts, including Mr. Hunt, have demonstrated how users connecting to HTTP sites can be hijacked and redirected. The extent of these cyber threats remains uncertain, but it’s clear that potential risks exist. Therefore, maintaining a secure web browsing experience is paramount.

Adopting HTTPS: A Growing Trend in Web Browsing Security

With a growing consensus on the importance of HTTPS, many websites are swiftly transitioning to this secure protocol. Mr. Hunt continuously updates his list of insecure sites, with some, like JustEat and Sage.com, already making the move to HTTPS.

Using “Not Secure” Sites Safely: Web Browsing Best Practices

While you need not avoid sites flagged as “Not secure,” it’s essential to exercise caution, especially when signing in or making online purchases. Strengthen your online security by choosing a robust password and ensuring that your browser and other device software are up to date. If available, consider implementing additional security measures like two-factor authentication.

Empowering Website Owners: Taking Control of Web Browsing Security

For those who operate websites, implementing HTTPS to protect your visitors has become more straightforward than ever. Make the internet safer for everyone by embracing this essential security technology.

A Safer Future for Web Browsing

As the web continues to evolve, the need for a secure online environment becomes paramount. HTTPS adoption is not only a trend but a crucial step towards safeguarding data and ensuring the privacy of internet users worldwide. It’s a collective effort—from major websites to individual users—to make the internet a safer place to explore and engage, whether you’re conducting online research, attending Google Meet sessions, or multitasking with split-screen and picture-in-picture features on your web browser, regardless of whether you’re a Windows or Mac user. While there might be a learning curve associated with adopting HTTPS, it’s a step in the right direction toward a more secure web browsing experience.