Seocheckout

Google to Publicly Shame Websites that don't use SSL in Chrome



Write the reason you're deleting this FAQ

Google to Publicly Shame Websites that don't use SSL in Chrome

In an attempt to make the Internet a safer place for its Chrome browser users, Google is going to start marking websites that receive and transmit sensitive data but don't use SSL encryption as insecure. They're doing this in a move to get more website owners to start using SSL on their site. So you better watch out if your website does receive/send sensitive data but isn't using SSL and start thinking about installing it otherwise it could have a serious effect on your rankings, traffic and business!

No they aren't going to parade you around wearing stocks so you can get rotten tomatoes thrown at you. But they will mark your website as "Non Secure" to any users that visit it in Chrome. But only if they know that website is one that receives/sends sensitive data and isn't using SSL to let users know that their details might not be safe when they use it. So if you're not yet using the HTTPS protocol and you do collect/transmit sensitive data then now is the time to get on and install it on your site!
Google to Publicly Shame Websites that don
By implementing SSL on your site, your users data will be encrypted and kept some what safe when entering credit/debit card details, names and addresses etc into your site. And by doing so Google wont label your site as insecure. HTTPS is much more secure than just HTTP and there isn't any performance or speed lost when it's correctly set up and configured so there's no reason really any website that does receive and submit sensitive data should not be using it. It's thought that eventually Google are going to start labeling all websites as insecure if they aren't using SSL regardless to whether they do receive and submit sensitive data or not.Google's Chrome security team member Emily Schechter said on Google’s Online Security Blog that

"Our plan to label HTTP sites more clearly and accurately as non-secure will take place in gradual steps, based on increasingly stringent criteria. Starting January 2017, Chrome 56 will label HTTP pages with password or credit card form fields as ‘not secure,’ given their particularly sensitive nature."

Does SSL Really Make Your Site More Secure?

SSL certificates can offer some protection to the user and their protection is guaranteed by the seal of whatever SSL certificate provider you use. Installing SSL on your site and adding the Trust Guard Security Seal to your site can give your users a little more confidence and also you are covered and protected should their details somehow become intercepted and unencrypted. After all, that's what you pay for!

But having an SSL certificate and using HTTPS on your site can protect transactions they don't protect your site from actually being hacked. To help with that and to prevent it from happening you can use a service like Trust Guard who will scan your site for around 75,500+ known vulnerabilities used by hackers to hack into and access your customers and companies sensitive data that may be stored on your server somewhere. Also it comes with some compensation if you are hacked which again, is what you are paying for should you go that route.

Replacing the Green Tick Icon

Up to now, one way that Google would let Chrome users know if a site is safe to use or not is by relying on user feedback. Safe sites got a green tick to let people know the site was safe and used SSL to encrypt and protect their sensitive data.
Google to Publicly Shame Websites that don
But apparently that indicator had not worked very well in the past and doesn't always highlight just how insecure a website is that is not using SSL. Most people don't even understand what the difference between HTTP and HTTPS means and don't look for the padlock icon in the address bar or realize that a site without one isn't a safe site to use to make purchases on using credit/debit card details. This has meant people have been the victim of fraud.

It's because of this that Google are trying to do more to make people realize the dangers and are now explicitly marking sites not secure even if you are visiting that site in an incognito tab. And in future, other later releases of Chrome will extend these non SSL/HTTPS warnings by showing a red triangle to let people know it's not secure and safe to use or working as they should be.

It's much harder for secured HTTPS encrypted connections to be intercepted and unencrypted in comparison to standard HTTP connections. Of course it doesn't offer complete and total protection. In another recent cyber security article this month we saw how SSL encrypted connections can be sniffed, intercepted and unencrypted on the fly by people with the right knowledge and tools and this information is becoming increasingly more available to anyone determined enough to find out how to do it.

What do you think about this move by Google?

Do you think some sites could become unfairly given a red triangle?

Should all websites use HTTPS/SSL even if they don't receive/transmit sensitive data?

Comments

Please login or sign up to leave a comment

Join
Everett
Mozilla Firefox sometimes doesn't let you even view the website if they don't have a correctly configured SSL Certificate. Also, you can add an exception with Mozilla Firefox, which probably is not safe, but one way to bypass their warning. With Google Chrome, I would be pretty annoyed if they were to say that my website isn't secure. I mean how exactly would they know if my website wasn't secure even though I don't make use of the SSL Certificates because the cost for them is outrageous! If there was a supplier that offered SSL Certificates for a cheap price, than yes I would probably buy one, but the issue is, most of them are expensive, like over $45, last time I checked. Probably there is a sales for them, but I always seem to always miss the sales that are going on. Another thing is, you have to renew them each year I believe and if you already have a $25 domain, plus an SSL Certificate that is an easy $45 per year. Yeah, I don't like to pay that much for a website domain, and an SSL certificate. If there was a bundle for about $25 for both yes I would pay it, gladly. Google don't shame me please, that's rude!



Are you sure you want to delete this post?

Lynne
Yes I've encountered this before Everett where I could not view websites that appeared unsafe. I found it really annoying because there were some websites I just couldn't access Google to Publicly Shame Websites that don



Are you sure you want to delete this post?

Lynne
Wow, this is a big move for sure. I guess though that this will make everything a lot more secure and safe for online buyers. I know for my personally I get a little nervous whipping out my credit card to buy things online.

I'll be honest I didn't know that was what https meant LOL. So yes I am learning something new on this website every single day!

How will this impact backlinks to your website if the backlink is to http and then you change to https? Will people still find their way to the website?

How does this impact websites that use Paypal and not debit and credit cards?

Surely this won't impact my blogs in any way since I don't receive payments on my websites right?

I have just bought a new domain and I am wanting to put up a classifieds website on that domain soon, well maybe next year... like when I find the time! I was wanting to accept payments via Paypal. so should I get an SSL certificate for that site?



Are you sure you want to delete this post?

Cristian
Jesus that is a big move from Google! It will affect a lot of website and online store since people are so sensitive about seeing "not secured" on a website.
I do believe everyone should switch to HTTPS, especially online store, it's just a MUST from every point of view, including ranking well in Google. But actually, shaming a simple content based blog is taking things a bit too far in my opinion.

So there you have it, go on and buy a SSL even if you have a content-based blog, it will save you a lot of trouble the following years.



Are you sure you want to delete this post?

overcast
I have used Let's encrypt on my website. And though it should show the full SSL. But the case is that some of the SSL features are not fullly activated. And chrome complains about that in the URL bar. So i am just wondering what are some things that we are forced to do in such case to make use of the SSL. WordPress based sites can easily make use of the SSL but requires some tweaking.



Are you sure you want to delete this post?

vinaya
If that happens it will take a toll on my websites. I have half a dozen websites running and none of them uses SSL certificates. Since I am just starting out, having certificates will be a financial burden. Therefore, I have not considered using SSL. By the way I hear that you can also get free SSL. However, I am yet to try this.



Are you sure you want to delete this post?

Corzhens
Pardon me if I didn’t fully understand what an SSL is. But I sometimes have an issue with the Chrome browser when it wouldn’t open a site by saying cannot find a secure connection or something like that. What I would do is to run Firefox for that website and more often than not, I could open that website. That’s why I have a backup browser in Firefox. It will let me know if the problem is the website itself or just the browser.



Are you sure you want to delete this post?