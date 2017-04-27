Chrome Will Start Marking HTTP Sites In Incognito Mode As Non-Secure In October (venturebeat.com) 19
Reader Krystalo writes: Google today announced the second step in its plan to mark all HTTP sites as non-secure in Chrome. Starting in October 2017, Chrome will mark HTTP sites with entered data and HTTP sites in Incognito mode as non-secure. With the release of Chrome 56 in January 2017, Google's browser started marking HTTP pages that collect passwords or credit cards as "Not Secure" in the address bar. Since then, Google has seen a 23 percent reduction in the fraction of navigations to HTTP pages with password or credit card forms on Chrome for desktop. Chrome 62 (we're currently on Chrome 58) will take this to the next level.
Let's Encrypt is literally terrible!
1) short cert life times so you can't use pinning to know if maybe something has changed
2) not even domain validated, if you control the web server you can get cert. Generally that means you could alter content anyway but frankly DV certs were not a good idea.
3) give a false impression of authentication, where there really is none, see #2. Sure you can look for EV or whatever in your URL bar, but automated process and such don't really have a concept of class where cert
Oh Please! Let's stop pretending here (Score:3, Insightful)
The entire internet is 'non-secure', by design. Your silly https is a fucking joke, worse it's a lie.
Just ask yourself how Google can possibly know that and you can get a pretty good idea of where it really stands on the spyware/privacy issue.
Why would Google have any control or visibility of anyone's connections, unless either that person also independently uses Google services in some sort of ISP capacity or the sites they are visiting independently use Google services in some sort of hosting capacity?
Do I really want to know (Score:2)
How they know this?
From all the browsing activity conducted through Google Chrome by people who have agreed to let them use anonymised browsing data for statistical purposes.
Is "Krystalo" actually Emil Protalinski? (Score:1)
Is "Krystalo", the submitter of this submission, actually Emil Protalinski? All three of the articles linked to by this submission are on this "VentureBeat" site, and all three list "Emil Protalinski" as the author.
A cursory glance at the submission history for this "Krystalo" Slashdot user shows other submissions linking to this "VentureBeat" site.
