The web has changed a lot over the last couple of decades. However, two seemingly rare but distinct behaviours have remained: (1) people like to break things, most of the time just to prove that they can, and (2) people like to listen in and steal your personal information. These two behaviours, when combined with the dramatic growth of online banking, online shopping and Wi-Fi hotspots, have created a toxic environment: one so full of security flaws that anyone with enough tenacity would need no more than a couple of hours to get insight into their neighbour’s browsing habits and login details.
The tech giants have been aware of these flaws for a long time, which is why Netscape, back in 1995, developed the first version of HTTPS (SSL 2.0) to allow information sent across the web to be encrypted and read only by those for whom it was intended.
This was great. It allowed webmasters and developers to encrypt all the data between their servers and users. It allowed secure online banking, and it aided the growth of consumer confidence in online shopping. However, it also missed something. While it’s great to encrypt the sensitive parts of the web, what about the rest of the web: Your Google searches? Your chats on Facebook? Your browsing habits on Flickr? For the web to protect the security interests of all users, surely all communication across it needs to be secure? Google, Microsoft and Firefox have all been aware of this for some time and, over the past few years, have attempted to shift the web towards achieving it:
Then, in September of 2016, Google gave this move another push by announcing that, from January 2017, all HTTP pages that collect passwords or credit cards will be marked to users as ‘not secure’: