When browsing the web on Google Chrome, everyone sees it and takes it very seriously: the message on the address bar that shows whether a site is secure or not. Whenever I encounter this, I am quite hesitant to further browse the website, but I never knew what the actual implications were, therefore I researched this phenomenon. It turns out, this message is linked to an SSL-certificate. When a domain name owns it, the site is considered secure by Google. SSL stands for Secure Sockets Layer. The normal HTTP (the application protocol) will turn into HTTPS, which actually only implies that the ‘S’ for secure is added. This secures a connection between the browser on the one hand and the web server on the other hand. This ensures that sensitive data transactions are secure, which is especially important when a site handles credit card payments or login data. An SSL-certificate can easily be purchased, usually at a low cost, with the only condititon that it is bought from a trusted vendor.
Even though it is relatively easy to acquire an SSL-certificate, many websites still do not own a certificate, which is why Google took action. In its latest Google Chrome update, companies without an SSL-certificate now get ‘punished’. Instead of a small notification saying ‘not secure’, soon all websites that are not secure will have an ugly red label in the address bar, with the intention of scaring off users into sharing sensitive data on these sites.
From a business perspective, this is a very extraordinary move by Google, since this normally would be the responsibility of a governmental data security institution. Is Google losing track of its true strategy or does it still contribute to Google’s ideals and values? I would love to hear your opinions on this!
Sources:
https://www.globalsign.com/en/ssl-information-center/what-is-an-ssl-certificate/
https://www.thesun.co.uk/tech/7495147/google-chrome-update-websites-warning/
Hi Per,
Very interesting article you wrote here! I think you are absolutely right in questioning if Google should have the right to impact traffic to other businesses websites, even if they think they are doing the correct thing. Furthermore, because Google Chrome owns more than half of the browser market share, they are becoming a kind of internet “police”. This should not be the case, as there is no way of guaranteeing that this will be done unbiased. Lastly, the question “where will this end?” remains. Will Google enforce further measures to control internet traffic?
Hi Per,
thank you for the interesting read! I also encountered some of the red screens with websites that I visit quite frequently. For some websites I know that they are relatively safe and if I still need to access it I will use my VPN in order to reduce the risk of sharing unwanted information. Personally, I think that Google is doing the right thing by pointing out the security flaws of different websites, as one of their goals is to protect its users against malware and protect the user’s privacy. This harsh measure requires companies to actually fix their security problems or it will significantly reduce the visitors and consequently business of the websites. In the end, it will help the users of Google Chrome and improve their overall browsing experience over the long term, which is something that google should aim for and actively pursue in my opinion.
Interesting post! I agree with your point that security of citizens, whether online or offline, is theoretically the responsibility of the government. However in my opinion, it is a good idea for Google to implement this “red bar” because Google has much better knowledge about the Internet than any government. Besides that, Google is not just an ordinary company: it has so much influence on consumers that (in my opinion) it has to take responsibility for the users of its services.
One thing that does concern me after reading your blog is the value of an SSL-certificate; how can we trust such a certificate, when it can be bought quite easily?