‘Secure’ does not mean ‘safe’

What are web browsers changing?

First, changes to the display of HTTP (unencrypted) websites

In Chrome 68, the omnibox will display “Not secure” for all HTTP pages.

Then, the changes to the display of HTTPS (encrypted) websites

Chrome treatment for HTTPS pages

Eventually, we’ll see the non-display of Extended Validation certificate information within the omnibox

Why do these changes matter?

HTTPS is better for you, your users and the relationship in between

So, what does ‘safe’ have to do with this?

HTTPS is pseudo-management validation, privacy and integrity

  • Pseudo-management validation — the website manager(s) must pass the certificate issuance checks — whether domain validated (DV), organisation validated (OV) or extended validation (EV) — to be issued with a certificate from a public/recognised Certificate Authority (CA).
  • Privacy — assuming well-configured TLS is in use, the data exchanged between the user and the website’s servers will be encrypted and not visible to third parties (ISPs and so on).
  • Integrity — stemming from the encryption mechanisms, data is protected from being manipulated between the user and the website’s servers.

HTTPS is great, but it does not tell you if the website is ‘safe’ (true, dangerous or responsible)

  • True — whether the site is what it says it is
  • Dangerous — whether the site is bad for you
  • Responsible — whether the website operator is not bad

What does keep me ‘safe’ online?

Quick-fire debunking of some of the related questions/statements circling at the moment

“Google is trying to influence the Internet”

“My website doesn’t need HTTPS”

“Extended Validation is important and wonderful”

“Implementing HTTPS will cost me money”

“Implementing HTTPS will cost me time/effort”

“Implementing HTTPS is hard”

The thin blue line between technology and everything else. joelgsamuel.com

Joel Samuel
