Popular Websites Without SSL Certificates

Posted: Feb 7 2020, 1:06am CST | by , in Technology News

 
Popular Websites Without SSL Certificates

To protect our privacy and to ensure online communication is secure, businesses around the world are increasing their security by utilizing SSL certificates. Websites have been using easy to implement, end-to-end encryption for around 20 years, but just recently, has it become a very important topic for us all. Thanks to HTTPS, every time you transfer money, buy something online, send an email, or log into any of your social media accounts, a security layer of encryption protects the information that is exchanged. But even to this day, not every big webpage is on board. Is there any good reason why?

What is HTTPS and why are SSL certificates so important?

The internet has changed a lot since its inception. In the early days, it was primarily a network for the government and academia to share information. Commercial growth, as well as growing threats to network safety, made the HyperText Transfer Protocol (HTTP) very vulnerable. HyperText Transfer Protocol Secure (HTTPS) is the secure version of HTTP and ensures that ongoing online communication between servers and browsers is encrypted and safe. Encryption describes the modern-day method of protecting electronic information and prevents others from reading the data running between a browser and the server.

“If you’re on HTTP, the entire URL and page content is visible to anyone on the network between you and that site. Every page you went to on that site. Any search terms. What articles you’re reading. If you’re on HTTPS, only the domain of the website is visible and not the page you’re looking at. Anyone on the network can still tell what website you went to, but it’s very difficult to determine what you did on that site,” says Tim Willis, HTTPS Evangelist at Google.

Simply put, HTTPS makes the internet more secure and really, there is no reason not to use it. All you need to transform a website from HTTP to HTTPS is an SSL (Secure Sockets Layer) or Transport Layer Security (TLS) certificate. Implementing these protocols onto your website creates a secure link and ensures that all data passed from a website to a browser stays secure. That way it prevents people from stealing private information such as credit card numbers, addresses, or telephone numbers and helps your users avoid malicious websites that are trying to steal their personal information. If you’d like to read more on what SSLs are and how they secure your information, check out this blog post by 101domain.

How can you tell if a website is using HTTPS?

Warning! Never send any sensitive information to a website that isn’t using HTTPS. You may be communicating personal information to people you don’t want to share it with. But how can you spot which sites are using HTTPS versus HTTP?

The web address indicates in the browser window whether the site uses HTTP or HTTPS. Most browsers trigger security warnings when a user enters a website with an unsecured connection. Google Chrome displays a “Not secure” warning to inform the visitor. On the other hand, the browser will show a green “secure” or padlock when the page is using HTTPS. The padlock (also called a site identity button) appears in the address bar of a browser when you visit a website. It indicates that the connection between your browser and the website is encrypted and assures that the connection hasn’t been intercepted. Clicking the padlock will open the site information, which allows the user to view more detailed information.

#HTTPSShame

Security is something that Google takes very seriously. Back in October 2017, the American multinational technology company published a report showing that an alarmingly small number of the most-trafficked websites are using HTTPS. The Google audit showed that around 80 percent of the web’s top 100 sites didn’t deploy HTTPS by default. The world couldn’t believe that so many sites still operated on HTTP; examples were theNew York Times,Fox News, and the BBC. This very shocking outcome led to more drastic measures. The website whynothttps.com released a list of the top 100 pages that didn’t deploy SSL certificates, and thus the shaming began. Even though the site owners ought to have known better even back then, we don’t want to resentfully drop names that used to be on this list. Forgive and forget.

Well, as we all know, Google doesn’t forgive nor forget so easily. They work according to the lines of “we make the rules and we like to be in control.” Half a year later, in July 2018, with the release of Chrome 68, Google’s browser started clearly labeling sites that are still on HTTP instead of HTTPS with a gray “not secure” message. Google furthermore announced back then that not providing a secure HTTPS connection will have a soft impact on a page’s SEO rating. This made HTTPS practically mandatory.

Unfortunately, according to Google, achieving full encryption of all web traffic doesn’t come without a fight. Several technical and political challenges still need to be overcome. Certain countries or regions and organizations still block or degrade HTTPS traffic. Last but not least, not every business believes in the importance of implementing HTTPS, or else they lack the technical resources to do so. Some companies are intimidated by the process because some parts of HTTPS can admittedly be complex. Luckily, most of it is simple.

Strong encryption is fundamental to the safety and security of the internet. Thankfully, most popular websites now support HTTPS, and #HTTPSShaming belongs with the past. Still, that doesn’t mean a website can’t run into problems with SSL certificates.

How to troubleshoot problems with SSL certificates

SSL certificates are easy to use, but they can also throw some technical issues at you. One of the most common errors is that a page still shows up as “not secure” after the installation of the certificate.

This can occur due to mixed content, which means some resources used on your site are not secure even after installing the SSL certificate. Another reason could be incorrect or expired certificates. You need to set up a redirect to your HTTPS page if you want to make sure your site always shows up as secure. If you’re ever wondering how to solve these issues, ask your domain registrar how they can help you straighten out your SSL-related issues.

Sources:

https://whynohttps.com

https://transparencyreport.google.com/https/overview

This story may contain affiliate links.

Loading...

Find rare products online! Get the free Tracker App now.


Download the free Tracker app now to get in-stock alerts on Pomsies, Oculus Go, SNES Classic and more.

Latest News

Comments

The Author

<a href="/latest_stories/all/all/2" rel="author">Luigi Lugmayr</a>
Manfred "Luigi" Lugmayr () is the founding Chief Editor of I4U News and brings over 25 years experience in the technology field to the ever evolving and exciting world of gadgets, tech and online shopping. He started I4U News back in 2000 and evolved it into vibrant technology news and tech and toy shopping hub.
Luigi can be contacted directly at ml[@]i4u.com.

 

 

Advertisement

comments powered by Disqus