Michio Hasai Michio Hasai is a social strategist and car guy. Find him on Facebook, Twitter, and Pinterest.

Chrome’s security team considers marking all HTTP pages as insecure

57 sec read

The Chromium Project’s security team has kicked off a debate on whether browser will mark all HTTP pages as insecure. “We … propose that user agents (UAs) gradually change their UX to display non-secure origins as affirmatively non-secure,” the team writes in this post. The post says the team’s goal “… is to more clearly display to users that HTTP provides no data security” because ““We all need data communication on the web to be secure (private, authenticated, untampered).”

The Chrome browser is generally considered the most secure Web browser, and it also tends to do the best in hacking competitions such as Pwn2Own. This is in part thanks to the solid security architecture of Chrome, and to its security engineers, who keep adopting strong security designs and policies. There’s always a compromise between security and flexibility/freedom to do something. Security is very much about reducing the attack vectors, which generally means reducing the freedom to use some features. Some of those security decisions can go too far sometimes, such as the decision to only allow Chrome extensions to be installed from the Chrome store, when there could have been alternative solutions that are not as restrictive. On Android, users are still allowed to sideload applications, just like Windows and Mac OS users can still install applications from outside the main store. This feature remains despite Android having a much bigger market share than Chrome, and with sideloaded Android apps being potentially much more damaging than Chrome extensions. Yet the security people in charge of Android have decided it’s a necessary freedom that needs to stay within the Android ecosystem.

Avatar of Michio Hasai
Michio Hasai Michio Hasai is a social strategist and car guy. Find him on Facebook, Twitter, and Pinterest.

Opera will soon come with a free and unlimited…

There was a time when Opera was at the forefront of web browser innovation, and some of the features that it pioneered have become...
Avatar of Lorie Wimble Lorie Wimble
1 min read

ProtonMail ditched its invite system and launched its apps

Living in a post-Snowden world, it’s hard to know which online services you can trust with your information, and that’s spawned a massive wave...
Avatar of Michio Hasai Michio Hasai
1 min read

Facebook wants to be the dictionary for the language…

Often times, it seems like conversing with people on the internet requires knowledge of a completely different form of English from what we use...
Avatar of Brian Molidor Brian Molidor
1 min read

Leave a Reply

Your email address will not be published. Required fields are marked *