The goal is to make attacks more difficult
For the last month or so, Google has been testing the notion of using HTTPS (Hypertext Transfer Protocol Secure) as the new default protocol for all URL (Uniform Resource Locator) types when input into the address bar without specifying the type of protocol. Those who have been experimenting with Chrome's latest Canary build have already seen the new feature in action, and the company has decided to forge ahead.
The big issue is how to handle the millions of URLs still using the HTTP protocol. Google will automatically fallback to HTTP if HTTPS fails to produce the requested URL. A bit of history: Google warned webmasters that their sites would not appear in Google searches if they did not use the more modern and secure HTTPS protocol for their web sites. Most larger, commercial sites modernized, however the smaller sites often did not. This left the world split between the two protocols.
In the next stable release, HTTPS as the default will be formally incorporated into Chrome's browser experience. Android users can expect to see it when they update to version 90, which is slated to be released on April 13. The iOS rollout is scheduled for an unspecified date later this year.
This is all a part of Google's ongoing effort to bolster safety on the internet. In this specific instance, the goal is to attempt to thwart "man in the middle" attacks that see hackers intercept un-encrypted web traffic and either steal data or inject malicious code into the data stream.
Chrome team explains further
"Chrome will now default to HTTPS for most typed navigations that don't specify a protocol. For sites that don't yet support HTTPS, Chrome will fall back to HTTP when the HTTPS attempt fails (including when there are certificate errors, such as name mismatch or untrusted self-signed certificate, or connection errors, such as DNS resolution failure)."
If you're interested in testing the upcoming feature before it reaches the stable channel, you can do so by enabling the 'experimental' flag. Just go here
And enable the option to have HTTPS as the default navigation protocol. Once there, you'll also have the option to choose either a 3-second or a 10-second timeout to give the browser enough time to determine the availability of the HTTPS URL.
My perspective
This is an unquestionably good change. Kudos to Google. We're looking forward to seeing it in the stable release.
~ Fred Flintstone might have said - "Yabba Dabba Do! ~
By Denis Wilson
Thanks for reading this short post. For more tips on thriving with small business technology, check out the other blog posts at DWPIA Blogs. You can also find me on LinkedIn, Facebook, and Twitter.
I am also a published author and speaker on cloud computing, work@home, and cybersecurity. I work extensively with business and professional associations to provide small business technology education programs.
Contact me if you would like me to speak to your association
