Google to bolster Chrome privacy protections with HTTPS-First Mode

Chrome 94 will ship with a new feature, HTTPS-First Mode, that attempts to upgrade all web page connections to HTTPS, Google has announced.

If the site in question does not support the encrypted protocol, the browser will display a full-page warning to users, informing them that their connection will be insecure before loading the page.

Users will have to activate HTTPS-First Mode themselves if they want the function enabled, but Google said it is considering switching the service on by default in future releases, depending on user feedback.

Mozilla introduced a similar function – HTTPS-Only Mode – for Firefox in November 2020.

Phasing out HTTP

HTTPS applies TLS encryption over the HTTP protocol in order to protect data shared via the connection from interception by eavesdroppers.

Although 95% of traffic across Google is now encrypted by HTTPS – up from 50% at the start of 2014 – Google said in a blog post that “there’s more we can do to help make HTTPS the preferred protocol on the web, and better protect users on the remaining slice of the web that doesn’t yet support HTTPS”.

Chart: HTTPS-encrypted connections as share of Google traffic, 2014-2021. HTTPS-encrypted connections now account for 95% of Google traffic, up from 50% in 2014 (Image: Google)

Chrome’s address bar already uses https:// by default for most typed navigations that don’t specify a protocol. This change has been in place since Chrome 90.

Google said it would continue to evaluate whether “powerful features” should be restricted or limited to secure origins such as HTTPS.

Padlock icon under threat

Google is also running an experiment in Chrome 93 whereby the padlock icon displayed in the address bar to indicate an HTTPS connection will be replaced “with a more neutral entry point to Page Info”.

Organizations will be able to opt out of the experiment, and a ‘Not Secure’ indicator will continue to be displayed on sites that don’t support HTTPS.

Explaining the move, the tech giant points to a recent Google survey in which just 11% of respondents correctly identified what the lock icon represents.

“Our research indicates that users often associate this icon with a site being trustworthy, when in fact it’s only the connection that’s secure,” said the Chrome development team.

“We hope that this experiment will improve the discoverability of critical privacy and security information and controls provided in Page Info, such as site permissions.”

Guiding principles

Google says its plans in this area, documented in a Chromium wiki, will be guided by three security-focused principles.

These include better informing users of trust-related changes around insecure web connections, limiting sites’ ability to opt out of security policies related to insecure connections, and restricting how, and for how long, Chrome stores site content conveyed over insecure connections.

Google said more details will be announced later this year.

Source: https://portswigger.net/daily-swig/google-to-bolster-chrome-privacy-protections-with-https-first-mode
