people their data is at risk every time they visit websites that do not use the "HTTPS" system.
Google is proposing to warn people their data is at risk every time they visit websites that do not use the "HTTPS" system.
Many sites have adopted the secure version of the basic web protocol to help safeguard data.
The proposal was made by the Google developers working on the search firm's Chrome browser.
Security experts broadly welcomed the proposal but said it could cause confusion initially.
Scrambled data
The proposal to mark HTTP connections as non-secure was made in a message posted to the Chrome development website by Google engineers working on the firm's browser.
If implemented, the developers wrote, the change would mean that a warning would pop-up when people visited a site that used only HTTP to notify them that such a connection "provides no data security".
The team said it was odd that browsers currently did nothing to warn people when their data was unprotected.
"The only situation in which web browsers are guaranteed not to warn users is precisely when there is no chance of security," they wrote.
HTTPS uses well-established cryptographic systems to scramble data as it travels from a user's computer to a website and back again.
The team said warnings were needed because it was known that cyber thieves and government agencies were abusing insecure connections to steal data or spy on people.
Rik Ferguson, a senior analyst at security firm Trend Micro, said warning people when they were using an insecure connection was "a good idea".
"People seem to make the assumption that communications such as HTTP and email are private to a degree when exactly the opposite is the case," he said.
Many sites have adopted the secure version of the basic web protocol to help safeguard data.
The proposal was made by the Google developers working on the search firm's Chrome browser.
Security experts broadly welcomed the proposal but said it could cause confusion initially.
Scrambled data
The proposal to mark HTTP connections as non-secure was made in a message posted to the Chrome development website by Google engineers working on the firm's browser.
If implemented, the developers wrote, the change would mean that a warning would pop-up when people visited a site that used only HTTP to notify them that such a connection "provides no data security".
The team said it was odd that browsers currently did nothing to warn people when their data was unprotected.
"The only situation in which web browsers are guaranteed not to warn users is precisely when there is no chance of security," they wrote.
HTTPS uses well-established cryptographic systems to scramble data as it travels from a user's computer to a website and back again.
The team said warnings were needed because it was known that cyber thieves and government agencies were abusing insecure connections to steal data or spy on people.
Rik Ferguson, a senior analyst at security firm Trend Micro, said warning people when they were using an insecure connection was "a good idea".
"People seem to make the assumption that communications such as HTTP and email are private to a degree when exactly the opposite is the case," he said.
No comments:
Post a Comment