Tuesday, May 09, 2017

Chrome browser said to be enforcing https standards


A site called “Nestify” is advising web users that Google Chrome will apparently mark all non “https” sites as unsafe, and also mark certain https sites as unsafe if they don’t pass certain standards. The article, shared today on Twitter, is here

It’s obvious that sites that require you to log in need encryption and SSL.  It’s less clear if you’re browsing and the website owner doesn’t require you to log in.  But the business climate of most webmasters today is that most of them need to sell something (however rarely) to some visitors, so an all https environment seems more credible.

Generally, newspapers having a paywall (as more do all the time) are starting to use https for all access (now the New York Times does). Vox does not require login but has installed SSL (maybe because Timothy B. Lee works there and influenced the company to do so).  But some news broadcast networks don’t yet, as they all have totally “free” content.

The article mentions Wordpress sites.  Right now I have four Wordpress blogs on Bluehost, under one account with three add-ons.  Blue Host allows one site per account to have SSL right now.  Since BlueHost has a subdomain naming structure internally, it would sound plausible that they could offer it to all addons on a hosting account at some point with more “programming” or re-engineering of how some routing works.  But that could be hard to install without interfering with access. 

My native Wordpress blog  (URL)  I’m putting some old archived material there) is SSL, as are 13 of the 16 Blogger blogs.  The three that are equated to domain names are not https because SSL is based on domain name (“Blogspot.com”). 

No comments: