What Do Chrome's New Security Warnings Mean for You?

Browser security is a very big topic in 2018. Techworld highlighted that browser security had evolved considerably as Microsoft, Mozilla and especially Google added a variety of new features to improve browser security.

Google Chrome is rolling out one of the biggest changes in its history as all new website connections will be marked as “not secure” if they don’t come from an HTTPS connection. What will the implications be for Chrome users and website operators?

In February, Chrome security product manager Emily Schechter credited Google with increasing the number of sites on the internet with encrypted connections. Google said that promoting website security has been one of its primary objectives for years and it announced that it would solidify its stance by marking all websites without encrypted connections as being unsecure.

The obvious goal has been to improve privacy and minimize the amount of data that is exposed to malicious third parties. As of the day that blog post was written, 68% of Chrome traffic on Android and Windows was encrypted. The developers with the Chrome team are confident that the new policy will increase the amount of encrypted traffic even further. 

What the “not secure” warning means for users
In the past, such a move would have drawn a lot more criticism. People would have warned that it would have deterred from users from accessing large portions of the internet. After all, adoption of encrypted website connections was not nearly as prevalent in the past.

Years ago, the majority of websites were not secured. The Chrome team points out that a much larger percentage of websites are using SSL connections these days, so it is perfectly reasonable to institute such a policy.

"Based on the awesome rate that sites have been migrating to HTTPS and the strong trajectory through this year, we think that in July the balance will be tipped enough so that we can mark all HTTP sites," Schechter wrote.

Yet, some critics have raised some concerns about the new change. One of the biggest fears is that it could negatively affect smaller websites for no reason at all. Small, local businesses may be less technologically savvy than their larger competitors and may be behind the game when it comes to understanding how to add SSL certificates.

This would not necessarily be a valid criticism of the new Google Chrome change if it created valid security concerns. The Chrome team has to consider the security needs of their users ahead of the concerns of local businesses. However, the impact may be too draconian, considering that the need for secured connections to these sites is much lower. 

The need for securing these sites is not nearly as high as it is with many larger brands. A large majority of small companies only use their website to share information about their business and provide contact information.

Several small business advocates I spoke with said there is little harm with using unsecured connections with these types of businesses. One building contractor in my area didn’t even know what a secured connection was. He was understandably very concerned that many people may receive warning messages that his website isn’t secure.

The other concern is that the new Chrome warning may make users more confused about legitimate security threats. One of the biggest worries is that many Chrome users will associate HTTPs encryptions with security after the new change goes into effect. They will likely believe that sites that aren’t marked as “not secure” are safe to use, but that may not necessarily be the case.

Chrome users must understand the encryption is just one layer of security. It protects against snoopers that want to intercept packets of data that are passing between your machine and the website server. However, it won’t do anything to protect against the security risks caused by malware, social engineering and other attacks.

Users must take other steps to protect their credit card and other sensitive information from hackers. One of my friends recently revealed that his PayPal account was hacked while he was using Chrome, because the hacker managed to install a keylogger on it and steal his password. PayPal has one of the strongest encryptions in the world, but it obviously didn’t address this security risk.

All Chrome users need to understand the limited impact the new warning will have on security. They can’t assume that a connection is safe simply because Chrome doesn’t mark it as unsecure. Nevertheless, some people may not understand this and be laxer with their security, which could increase the risks of other security threats. 

Rehan Jiaz is an entrepreneur, business graduate, content strategist and editor overseeing contributed content at SmartdataCollective.com. He is passionate about writing stuff for startups. His areas of interest include digital business strategy and strategic decision making.

What’s Hot on Infosecurity Magazine?