Discussion in 'Domains and SSL Certificates' started by djbaxter, May 18, 2018 at 8:46 AM.
Google Chrome Issues Final Warning on HTTPS
Search Engine Journal
May 18, 2018
Microsoft once attempted to control the web, they failed with IE6. Google seem doing better job with Chrome. What a bullsh** to remove green mark "because it should be default"
What exactly is your beef? Green mark or not, what this means is that if you have ignored warnings about HTTPS until now, you'd better stop ignoring them and convert.
This is not just about Google, although it can and does affect rankings now. You will have the same issue in other browsers about sites not being secure, especially anywhere a member or potential member is entering a password.
I've been using SSL for ages so this is not my case.
SSL is a good practice for site owners, but this shows how Google attempt to control the web because they own Chrome. I wonder what will be next event after this.
So what is your issue with "removing the green mark" then?
Because people will get confused by it. Red was always the warning when a site used HTTPS but was not valid, now it becomes standard for everything that is non HTTPS.
It won't confuse me. I never even notice the green locks anymore until it's not there, relaxed by either a red flag or that icon with a red slash through it.
That is exactly Google's point. We don't need a bunch of green flags anymore. We only need to highlight when there's a problem with a website.
Think of all the warning lights on a car dashboard. We don't have a hundred little green lights. We just have red warning lights when a problem occurs.
It's not about 'removing the green mark', incidentally. Stuff sent over HTTP is trivially snoopable - and trivially interruptible.
Meaning that it's not difficult to eavesdrop on sites that have logins (like, say, forums) and grab passwords, especially in the modern age where a lot of access is done over wireless connections that can be snooped on absolutely trivially. As for interruptible, doing MITM attacks and changing content midflight is not a new idea and much harder to do on HTTPS (though, I'll note, far from impossible)
I think this is a good move, actually.
Well for people here i have high hope that they understand what they see. But people that are non technical and only do normal plain stuff this will get them confused. Especially when Chrome does A, Edge does B and Firefox does B also.
It's just transitional. Within another month or two, Firefox and Edge will follow suit.
I guess this makes google the internet police, im ok with it ... google gets me
not a fan of chrome or andriod tho
Good for you, but not everyone is techie.
It will confuse a lot of people, esp since its been pushed by many sources as the way to tell if the site is secure.
Its a pointless thing to do - having a green (or red) lock there doesnt cause anyone any issues, so why remove it ?
As I said above, one reason is "flag blindness" (cf. ad blindness and lights on a car dashboard). If flags only appear when there's a potential problem, you are more likely to notice them.
As I also said above, I don't even "see" the green padlocks on my own sites or those I visit regularly any more. I only notice the non-secure flags.
You have just proved my point that Google somehow succesfully controlled the web.
I'm not against this decision for SSL of course, just don't like it if they removed green mark, when there is no better protocol.
Well as with most new things, confusion on a individual level is only temporary. Clarity that eventually comes after, is more permanent
Nice read for folks https://www.troyhunt.com/the-decrea...dicators-and-the-importance-of-negative-ones/
Excellent. Thank you for those two resources, eva2000.
As far as I can see its a bit like saying we dont need green traffic lights anymore, if its red, stop, otherwise go.
That would cause a lot of confusion as well.
okay... if you say so, Paul...
And that's why they are called stop signs... there's no need to a green sign at the intersections that you have right of way.
I am of the camp that it's better to make something that stands out from what the "norm" should be and ONLY warn. The green lock was - for a long time - outside the "norm" and was used to assure the users of a secure site. Now all they plan to do is just the opposite. If the site is secure, don't have anything special but WARN if it is not under SSL.
Where this is going to hurt is those that are to damn lazy to take the time to use SSL on their sites. I fully expect to see those admins screaming bloody murder once something like this goes into effect.
It's going to hurt EV SSL certificate commercial providers' bottom line as for so long they have marketed that EV green indicator was a what you'd want to see, now Chrome and other web browsers are going to take that away.