Activate This Chrome Flag To See Just How Non-Secure The Web Today Is

Image: Troy Hunt

By the end of 2017, it's almost a certainty that the Google-developed Chrome browser will flag all non-HTTPS sites as "non-secure". Currently, only HTTPS sites lacking certificates (or out-of-date or incorrectly configured ones) earn the red triangle of doom. But what if Google flicked the switch now? What would the web look like?

Aussie and Microsoft MVP Troy Hunt decided he'd like to peek into this future and it turns out it's filled with holes, especially from sites you'd expect should know better.

The list includes Apple, eBay, Qantas, Ferrari, National Australia Bank, HSBC, the United Nations and even Stack Overflow. Every single one did not load over HTTPS by default.

In a — sadly — unsurprising turn of events, the online presence of our own government came up short also.

If you want to visit the non-secure web yourself, it's easy enough to do. Just hit up the internal chrome://flags page of the browser, look for the "Mark non-secure origins as non-secure" option and set it to the similarly-named item in the drop-down. You'll probably need to restart Chrome.

Now, as Hunt himself remarks, his investigation is "a bit tongue in cheek" — Google doesn't plan to lock down the internet (at least in Chrome) until mid-to-late 2017, so all of these sites have plenty of time to get there act together. And of course, those that have an ecommerce element, such as Qantas, do serve those pages securely.

Still, you'd think these sites would have HTTPS everywhere regardless. It's not like it's particularly hard, especially if you have the certificate chain in place already.

[Troy Hunt, via Reddit]

Originally published on Gizmodo Australia.


Comments

    https://s18.postimg.org/x31leljm1/Capture.png

    Isn't that all to do with SSL certificates and you basically want that on websites that are dealing with sensitive information like credit card info for example?

    Inetesting how you you say:
    you’d think these sites would have HTTPS everywhere regardless. It’s not like it’s particularly hard,

    I've noticed for a very long time that Lifehacker, Gizmodo, etc don't use SSL. You can even get free certs guys!

Join the discussion!

Trending Stories Right Now