Why do 20 per cent of the world's biggest websites ignore HTTPS?

null

With constant updates, Google is trying to make its products more profound and secure. In the mid of 2018, Google released the Chrome 68 version that marked all HTTP sites as not-secure. One of Google’s audit states that 79 out of the top 100 non-Google websites do not make use of an HTTPS certificate. Among the big names include IMDB and New York Times.

If you are on an HTTP site, then the URL and the content on the page is visible to everyone on the network which is something to be taken seriously. For a website that is earning through its content, this is something to be concerned about, or its user data might be intercepted. It seems a bit shocking that big global websites have not yet considered switching to HTTPS even after countless warnings by Google. In this article we will take you through the reasons for it and why it is important for them to make a switch.

HTTPS? - What is it all about?

Hyper Text Transfer Protocol Secure (HTTPS) is an evolved version of HTTP which is a secure protocol used for communication on the internet. HTTP was launched by a British computer scientist Tim Berners-Lee who also invented the World Wide Web. However, with time the HTTP protocol lost its security aspect, and now any unprotected HTTP request can reveal user information to everyone.

HTTPS is a type of encryption that is used to keep the information of users safe. Previously HTTPS connection was used for payment transactions on the websites to deal with money. But with time websites also started incorporating it with an aim to secure accounts and keeping identities and information private.

HTTPS works through Transport Layer Security TLS or Secure Sockets Layer SSL protocol to encrypt communication channels, but clients and servers still communicate with HTTP over a more secure TLS/SSL connection. The use of HTTPS in a fast growing and vulnerable cyber world is compulsory; otherwise, the information and data can be read by anyone.

The Worlds Top 100 Websites (Alexa ranking) - 20 per cent Not Incorporating HTTPS:

Alexa ranked and provided a list of top 100 websites which does not automatically redirect insecure requests to secure requests. Among them, you will find the top 50 websites by country, this data has been collected by Scott Helme's. Each of the websites represent 20 per cent of the biggest 560 websites ranked by Alexa worldwide.

People who use internet regularly, find HTTPS agonising and shocking. This is not because it's the most complicated security measure. The connection is established through an SSL or TLS protocol which has a cryptographic key that creates a digital confirmation that the website and server has been recognised. The server shows a certificate that confirms its tag or identity which enables the encrypted data to be exchanged.

The issue with HTTPS

Earlier, it was costly to set up HTTPS certificate, but now multiple companies are providing free SSL certificates as well. These companies consist of ‘Global CDN CloudFare’ which offers “one-click SSL,” while a project carried by the Internet Security Research Group “Let’s Encrypt” provide SSL certificate to anyone who owns a domain.

Smaller websites are not affected by HTTP certificates, it's the big names that are more concerned. For such sites, the HTTPS process goes through technical engineering work that includes, ‘will your content delivery network cost more for HTTPS’? Or ‘does third-party content on the site has incorporated HTTPS’? The website needs to go through multiple trial and error fixes to get it fixed or implemented.

 A security researcher at Malwarebytes Jérôme Segura states: HTTPS alone isn’t enough to guarantee security. Several sites may implement it on their homepage, he says, while failing to roll it out across all pages and services. You’re often only a few clicks away from being exposed. He also notes that HTTPS isn’t ironclad. It, too, can be exploited.

Can websites work smoothly with an HTTP certificate?

Soon if you stick with HTTP, then the features available for the website will reduce leading to lot of hassle and trouble. Your site won’t rank as per the latest Google Chrome update which allows its geolocation API feature to work on HTTPS and HTTP requests will be ignored. The websites which still haven't converted to HTTPS will suffer with poor search engine ranking.

The use and overload of information is increasing which ultimately hinders online privacy leading to scams and frauds. Websites are not recognising the benefits of using HTTPS certificates as your websites data would be transferred securely.

Conclusion:

Considering the top 500 websites that do not redirect to secure connections, the data loss would be immense in case of an interception. Websites are taking countermeasures to avoid such an incident, but the inevitable could not be stopped as Google will remove many features in its updates in the future. As for a user, it is recommended to avoid HTTP websites as your data and information may be at risk.

Terry Higgins, Digital Content Producer
Image Credit: Wright Studio / Shutterstock