By the end of 2017, it’s almost a certainty that the Google-developed Chrome browser will flag all non-HTTPS sites as “non-secure”. Currently, only HTTPS sites lacking certificates (or out-of-date or incorrectly configured ones) earn the red triangle of doom. But what if Google flicked the switch now? What would the web look like?
Aussie and Microsoft MVP Troy Hunt decided he’d like to peek into this future and it turns out it’s filled with holes, especially from sites you’d expect should know better.
The list includes Apple, eBay, Qantas, Ferrari, National Australia Bank, HSBC, the United Nations and even Stack Overflow. Every single one did not load over HTTPS by default.
If you want to visit the non-secure web yourself, it’s easy enough to do. Just hit up the internal
chrome://flags page of the browser, look for the “Mark non-secure origins as non-secure” option and set it to the similarly-named item in the drop-down. You’ll probably need to restart Chrome.
Now, as Hunt himself remarks, his investigation is “a bit tongue in cheek” — Google doesn’t plan to lock down the internet (at least in Chrome) until mid-to-late 2017, so all of these sites have plenty of time to get there act together. And of course, those that have an eCommerce element, such as Qantas, do serve those pages securely.
Gizmodo Australia is gobbling up the news in a different timezone, so check them out if you need another Giz fix.