×
Search TQA Weekly
×
Log into your TQA Weekly

HTTP-ONLY SITES INSECURE?!

Google Chrome, as of July, Will Start Marking HTTP Web-sites as Insecure

Steve Smith discusses the history of the HTTPS, why there was a transition from HTTP to HTTPS, what it now means for web-site owners, developers, and the Internet at large.

Episode #8-28 released on March 4, 2018

All my sites are HTTPS only, so now that that is out of the way, how about we address a current trend of browsers, and what it will mean for web-sites and yourself moving forward. HTTPS is only a data securing method for data in transition between computers and servers, and the data itself may be stored in plaintext or encrypted at the discretion of the developers.

The primary purpose of HTTPS was the security of data being moved from the computer and server. It was originally used to protect transactional information such as your payment information. Many sites, including Facebook did not transition account data over HTTPS, and furthermore, the cookies for accounts where vulnerable to interception, allowing other people the ability to hijack your account if you were in an unprotected wife hotspot. The first browser addon to demonstrate the vulnerability was called Fire Sheep.

Once the vulnerability was exposed, big companies started migrating all communications, at first voluntarily by the user, and then after, by default, over to the HTTPS communication method entirely. This allowed for account information, sessions, transactional data to be secured while in transmission only.

Later, browsers started marking far more clearly the actual security state of secure web-sites, while unsecured web-sites continued to run with generic identification. The push to make as many web-sites secure as possible is felt not just at the browser level, but even the rank level on Google Search, which, also, ranks sites higher if they are, also, mobile friendly. Apple even requires secure transmission of data between servers and apps, and submissions are not taken if this is not addressed, amongst many other factors.

The world is generally moving towards phasing out HTTP sites, making the internet HTTPS first. This is to deal with other issues, like rogue elements accessing the contents of the packets, and data manipulation prevention. A secured packet can't be spied on, and anyone with access to the router, or ISP at any level, cannot inject code into the secured packet either, whether it be malware or ISP origination messages or advertisements. Basically, don't want information from Comcast, or other ISPs, just switch to HTTPS on all sites you visit that support it. One amazing way to get HTTPS on web-sites that support it, is with the browser addon called HTTPS Everywhere.

I just want to leave you with a few caveats to keep in mind. HTTPS enabled sites aren't guaranteed to encrypt your data in their database. HTTPS isn't important on web-sites that don't have forms, accounts, sales, etc. A generic site containing information about a topic, and nothing else, isn't any more dangerous than a HTTPS. The issue is only that anyone can see what you are looking at. However, considering that those kinds of sites are public, it isn't really a privacy risk.

Host : Steve Smith | Music : | Editor : Steve Smith | Producer : Zed Axis Dot Net

Sources & Resources