Thursday, December 18, 2014

Google wants to warn you every time you use HTTP instead of HTTPS

So recently, Chrome developers have been floating the idea that the UI should post a security alert every time the browser visits a page that isn't encrypted. According to the BBC, currently only 33% of  websites use HTTPS (encryption). I suspect in actual practice the number of websites that are still using unencrypted web connections is much higher. This would mean you'd be getting many security alerts in practice.

I am all for more encryption. There are far too many parties out there who have something to gain by snooping your connections. Every time I use an strange WI-FI hotspot I worry about who is listening or how they might modify my data.

Many think this is all theoretical. That no one really cares about your data so unless it's something like banking data then it doesn't matter. Nonsense. Dangerously so. You're not up against humans you're up against software and with software you're never too small to not matter.

Consider that the WI-FI hotspot might be inserting ads into web pages you're looking at. Comcast has been caught doing this. This is annoying and potentially misleading because now you can spam ads and the user will think it's coming from whatever website you're using. Hopefully they didn't make a mistake or the page won't show up at all. What about replacing existing ads with your own? Too bad for the original web site trying to make a living. What about inserting a tracking ID so you can be followed everywhere you go?

What is the ISP doesn't think you should be watching youtube?

And these are the corporations. Nasty people on the internet can  snoop on everything that goes over an unencrypted connection. Much of it can be used to fool support and steal domain names or accounts because why not? .. to say nothing of identity theft. How much of yourself are you giving away each time you log into facebook?

Then there's the government. Whether you're liberal or conservative you can bet there's someone who disagrees with something you're doing.

Many websites have encrypted versions of their site. However it can be painful to figure out which sites have an encrypted version and to manually switch over. This is where HTTPS Everywhere comes in.

HTTPS Everywhere is a Firefox, Chrome, and Opera extension that encrypts your communications with many major websites, making your browsing more secure. Encrypt the web: Install HTTPS Everywhere today.

HTTPS Everywhere is a browser extension that contains a database of web sites that have encrypted versions and automatically redirects you to the encrypted version of the site without you having to worry about it. This gives me some piece of mind when I'm using public WI-FI hotspots. It's not perfect but it's the best we can do until all connections on the internet are encrypted.

.. and they will be.

No comments: