Google is working hard to make the web a more secure place and with its Chrome browser being the most popular browser on the market by most accounts, that was a good place to start. Google says that security has always been one of the core principles of Chrome and points out that it was found to be the most secure browser in two recent studies when looking at multiple aspects of security.
Google promised about a year back that it would start marking all websites that aren't encrypted with HTTPS security as "not secure" in Chrome. Google's Emily Schechter, Chrome Security Manager, wrote, "We wanted to help people understand when the site they're on is not secure, and at the same time, provide motivation to that site's owner to improve the security of their site. We knew this would take some time, and so we started by only marking pages without encryption that collect passwords and credit cards. In the next phase, we began showing the ‘not secure’ warning in two additional situations: when people enter data on an HTTP page, and on all HTTP pages visited in Incognito mode."
Schechter notes that despite being only a year since Google started this HTTPS push, there has already been big leaps in the increased security (HotHardware.com is also 100% HTTPS secured). Three big takeaways from the Google Transparency report are below:
- 64 percent of Chrome traffic on Android is now protected, up from 42 percent a year ago.
- Over 75 percent of Chrome traffic on both ChromeOS and Mac is now protected, up from 60 percent on Mac and 67 percent on Chrome OS a year ago
- 71 of the top 100 sites on the web use HTTPS by default, up from 37 a year ago
The good news for folks who frequently visit websites that are located outside the U.S. is that HTTPS usage is increasing globally (Japan jumped from 31% last year to 55% this year as measured using Chrome for Windows). Similar surges have been seen in Brazil with HTTPS up to 66%.
Schechter also writes that Google is still a Platinum sponsor of Let's Encrypt, a tool that is a free and automatic certificate authority to make encrypting websites cheap and easy for site owners. She wrote, "Google also recently announced managed SSL for Google App Engine, and has started securing entire top-level Google domains like .foo and .dev by default with HSTS. These advances help make HTTPS automatic and painless, to make sure we’re moving towards a web that’s secure by default."
Google recently announced that it was considering baking in a feature for Chrome that would block embedded website cryptocurrency miners. This had become an issue of late with one of the first embedded miners secretly stealing CPU power from site visitors being The Pirate Bay.