Oh great, have just read this:
https://www.ghacks.net/2018/09/03/what-happened-to-http-and-https-in-chrome/
https://www.ghacks.net/2019/08/01/chrome-76-no-more-https-or-www-in-address-bar/
Google/Chrome browsers (= all except Firefox family) are marking all "http" websites with a prefix "Not secure" before the URL.
That looks of course especially great on a browser homepage like KM.
Very encouraging for potential new users...
The advantage of "http" over "httpS" is of course that people on very old systems with very old browsers are still allowed reading access too. Almost everywhere else on the web we're now locked out.
As far as I understand history, in the far past only private websites (especially for banking) were encrypted, not public ones.
Later, until 1-2 years ago, most public sites were encrypted too, with SSL3, which still allowed access for old browsers too. But meanwhile this is outdated, not fully secure anymore, and Google (ab)used its monopoly power to force just about ALL websites, regardless of how public and harmless, to use TLS1.2 for httpS encryption. Which mostly means GoodBye internet for very old systems.
In general encryption is good of course, but if a user is "protected" by locking him out from reading even harmless, public websites, this claim becomes sarcastic.
The best compromise is of course if non-banking sites can offer both, old or new encryption, depending on browser age.
What I find interesting, have recently learned there are also some disadvantages to httpS:
httpS needs certificates, and website or blog owners must BUY them!
Aside from the money, which most little hobby site owners may have or not, this also involves banking for paying, which is highly dangerous. Hundreds of millions of hacked data sets get regularly sold in the dark net, and even the most secure companies have been hacked in the past. It's only a matter of time.
And httpS is especially GREAT for the global spying companies! For recording browsing history.
Because all internet traffic to httpS sites first contacts those very few certificate issuers, to ask if the certificate of the target site is still valid. Could bet this also sends them one's own IP and possibly other data along, making it supereasy to get a complete browsing history of users. Even if the IP is dynamic and changes every day or week, but the browsing habits are much the same every day, making users easily recognizable again by AI.
There's not the slightest doubt for me that Google and other data collectors have access to those data sets too, some way or other they are all interconnected and buying each other's data, or if necessary Google/Facebook/Amazon simply buy whole companies. Or create their own ones. Google has already under one roof combined data of most browser users, most mail users, most sync and cloud data and whatever users, and other mega corporations like Akamai, Amazon etc. may act more invisibly, but in the background are involved in most internet traffic today too. Over here hosting even Police data sets and whatnot. And in the US the ISP-providers are officially allowed to sell ALL data of their users to whom they want, but that's getting too offtopic.
Over half the web is now already blocked from READING by TLS1.2, quickly growing towards 80%, just a few examples:
developer.mozilla.org, github, sourceforge mostly, twitter, latest addition: ghacks.net
(only saved now by a few updated ancient browsers, like retrozilla, or roytam1 fx36, and partly KMG74)
Edited 1 time(s). Last edit at 10/07/2019 01:42PM by siria.