Google pushes for tougher HTTP controls

Google wants to implement a warning system that tells users their data is at risk every time they visit a site that doesn’t use HTTPS.

Developers working on the firm’s Chrome browser want to mark all HTTP connections as non-secure. This would mean that every time an offending page is visited, a notification will pop up warning that the connection “provides no data security”.

“The goal of this proposal is to more clearly display to users that HTTP provides no data security,” read the proposal outlined on the Chromium blog.

The same team of developers noted that it is confusing that all of the leading web browsers don’t already warn users that the connection could leave their data open to exploitation.

“The only situation in which web browsers are guaranteed not to warn users is precisely when there is no chance of security: when the origin is transported via HTTP,” it noted.

At present just 33 per cent of websites use the HTTPS protocol, according to figures from the Trustworthy Internet Movement cited by the BBC. HTTPS is more secure because it uses a number of renowned cryptographic systems to encrypt data whilst it travels from a computer to a website and back again.

Sealing up the remaining 77 per cent of sites that don’t use the HTTPS protocol ensures that users aren’t open to cyber thieves or government agencies that want to pilfer data or eavesdrop on communications.

Security analysts are in agreement on the proposal, with most echoing Google’s view that it is strange browsers don’t already flag up unencrypted HTTP connections as something to be worried about.

"It will seem like a lot of hassle in the short term, but it will be a good thing for the whole web in the long run," Paul Mutton, security analyst at Netcraft told the BBC. "In the short term, the biggest headache is likely to be faced by website operators who will feel forced to migrate unencrypted HTTP websites to encrypted HTTPS."

Some of the web’s largest sites, such as Twitter, Facebook, and Yahoo, already use HTTPS, and with Google pushing HTTPS sites to the top of search rankings it won’t be long until the rest of the web slowly follows suit.