Google dreams of a future in which the Internet will be completely encrypted — with no HTTP sites. At some point soon, however, according to Motherboard, Google's Chrome browser will flag up unencrypted websites — which it deems insecure — by showing you a red "X" in the URL bar. Currently, the browser shows you a white page icon when the site you are accessing is not HTTPS secure and a green padlock when it is.
The intention is clear — Google announced it wanted the whole of the web to be Hyper Text Transfer Protocol Secure (HTTPS), which makes sure all communications between you and your browser are encrypted, back in 2014.
"The goal of this proposal is to more clearly display to users that HTTP provides no data security," Google's Chris Palmer wrote.
And Google's self-appointed "Security Princess" and manager of the security engineering team said Google intends to show just how "unsafe" HTTP really is:
HTTP, we're readying to call you out for what you are: UNSAFE! https://t.co/KuA6ARoH6n #enigma2016 https://t.co/Vs69HDZc2J
— Security Princess (@laparisa) January 26, 2016
HTTPS makes sure that your information is protected from bad guys such as hackers and snoopers, who are after your passwords, messages and other data, which you would rather remain private.
HTTPS is equally good at deflecting fake versions of websites that could also be used to compromise you.
Google has always been interested in privacy, security and protection, according to a cyber security expert who wished to remain anonymous.
"Google has done great things with connection privacy. They will score you down if you have weaker settings on your HTTPS configuration. The main push will be beneficial to everyone involved, including themselves."
"It will push website owners and Internet systems to up their game to implement good connection privacy. It will make the Internet safer in a sense of sending and receiving data (not to be confused with sending or receiving evil data to customers or websites). And they can ensure that all communications to and from their services are protected and not degraded to the point where someone or something can not intercept and action the information learned from an unencrypted connection," an anonymous source told Sputnik.
Encrypt All the Things
The push to literally encrypt everything on the net doesn't come from Google alone, with browsers such as Firefox and Opera following suit.
It's #DataPrivacyDay. Have you encrypted all your things? https://t.co/DlqdcdpSRv pic.twitter.com/WqXTBmFHvk
— Encrypt Things (@EncryptThings) January 28, 2016
A number of organizations who see faults in the way the Internet currently operates have joined forces, backing the "Encrypt All the Things" campaign, which calls for more network and data protection from unauthorized surveillance.
"We believe in the importance of protecting our networks, data, and users from unauthorized access and surveillance, and educating the public on the same," the Encrypt All the Things campaign states.
The Electronic Frontier Foundation (EFF) and anonymous software Tor Project are also backing secure web surfing through the HTTPS Everywhere campaign.
Stay safe out there, please! Use my "Block all HTTP requests" feature. https://t.co/j1Hkgbl8Eo
— HTTPS Everywhere (@HTTPSEverywhere) July 6, 2015
A completely encrypted Internet may seem a little far-fetched, however an anonymous cyber security expert told Sputnik it's not only workable but there is no excuse for companies and organizations not to be pushing for it.
"Organizations have the capability to intercept HTTPS traffic using 'legitimate' man-in-the-middle appliances which we call 'decryptors'. This means that they can offer anyone to use network HTTPS connections and it will be protected, but not protected from those who provide the decrytors."
"There is really no excuse to not move to HTTPS other than if the company cannot afford to buy an appliance or do not have the in-house skill to create an open source solution," an anonymous cyber security source told Sputnik.
With relation to protecting networks and data from government snooping, things get a little more complicated. The "Encrypt All the Things" campaign says it stands against "unauthorized surveillance" — and if the government falls under this category, will it be able to work its way around an all-encrypted Internet?
"If it's unauthorized it depends who is saying who is authorized. If the government want to break your HTTPS there are only a few ways to defend against it at the moment and that's why it's important to keep your certificate configurations up to date… there is some good technology in use already that prevents the HTTPS chain to be broken without acknowledging something has happened between the client and the server."
"On the other hand, you can understand the intelligence and cyber crime agencies really wanting a way around this for good, but there is always that track record of what they have done that they shouldn't have — what they can't tell us that might make us more understanding of the massive invasion of privacy that is enabling them and allowing them the capability to intercept all encrypted communications," the anonymous source told Sputnik.
Google hasn't yet announced when its new flagging system that will put an end to insecure web browsing will be launched, but according to a company employee, who asked Motherboard to remain anonymous, a declaration will be coming "soon."
