In a series of tweets, Google Engineer and Manager on Chrome Security Team, Adrienne Porter Felt listed four reasons why users should upgrade from HTTP to HTTPS. The tweet came out to clear the air about Chromes’ continual efforts to implement HTTPS.
To share the backdrop, Google announced in a blog post that Chrome would designate sites not using HTTPS as ‘not secure’. The process will start in July with Chrome 68 rolling out, according to the release.
Commenting on the development, Chrome Security Product Manager, Emily Schechter said, “Based on the awesome rate that sites have been migrating to HTTPS and the strong trajectory through this year, we think that in July the balance will be tipped enough so that we can mark all HTTP sites.”
Adrienne chose to speak on Twitter. Here is the full text of the four tweets.
1. "Many people on the Chrome team are personally passionate about web security. HTTPS is a foundational part of web security. It’s a grassroots effort that worked hard to get leadership support.
2. We don’t think people know or care about the difference between HTTP and HTTPS. Security indicators are nigh impossible to get perfect. If everything is HTTPS, one less thing to bother users about.
3. ServiceWorkers are revolutionary. They make websites work offline or under flaky network conditions. They’re also too powerful to allow over HTTP. If we want the web to use ServiceWorkers, the web must use HTTPS first.
4. From a business perspective, we want people to both feel and be safe online. If they enjoy the web — if it’s fun and reliable and SAFE — we hope they’ll spend time using our product (Chrome).”
In this post, we discuss more about HTTPS, the importance and future of web security, what Adrienne said, and explore some other reasons why you should migrate from HTTP to HTTPS.
But first, let’s start with the basics: what is HTTPS?
What is HTTPS?
To understand HTTPS, learning HTTP is a must.
HTTP short for Hypertext Transfer Protocol is basically the conduct observed to transfer data to the web. It acts as a connecting medium between the web browser and web server to fetch requested results for the user.
HTTP Secure, on the other hand, is the same thing with security enabled. A secured HTTP means the communication and transfer between the web browser and the web server are encrypted, so the information can’t be stolen or misused by any unauthorized party.
HTTPS actually works in three steps. You can call it a multi-layered security instrument. Here are the steps defined:
1. Data encryption
HTTPS encrypts data that can only be decrypted by an authorized party. So, even if the data is accessed, it would be of no use to the attacker.
2. Data integrity
The data managed through HTTPS can’t be corrupted, therefore, ensuring data integrity.
3. Data authentication
HTTPS prevents data sharing by customers with scammers thinking they are the real party. In other words, it protects from man-in-the-middle attacks.
Now back to the tweet.
Adrienne’s take on HTTPS
Here are the four powerful reasons shared by the Google Engineer to migrate to HTTPS:
1. Google isn’t the only one
Adrienne defined HTTPS as “a foundational part of web security. It's a grassroots effort that worked hard to get leadership support.”
Do you know that the concept of a secure web first came in 1994 with the invention of the SSL protocol? The protocol was invented by Netscape, and most web publishers, e-commerce businesses, and particularly the developers of Mozilla invested in the development.
This means Google or Chrome is not alone in establishing or encouraging web security. In fact, all publishers who have a stake in the web business have already supported a secure transmission of data in the past.
2. HTTPS brings convenience
“We don't think people know or care about the difference between HTTP and HTTPS. Security indicators are nigh impossible to get perfect. If everything is HTTPS, one less thing to bother users about,” Adrienne’s second reason to use HTTPS.
She believes websites with HTTPS are user-friendly. They give more value to users in addition to a trouble-free and convenient experience.
From the user’s perspective, this is at least one less thing to worry about and continue unperturbed on the internet.
3. HTTPS supports Service Workers
Service Workers are APIs that run in the background, separate from the web page. They allow features like push notifications and background syncs to perform without needing a direct interaction. All this together enables users to have an improved online and offline web experience.
But that’s only possible in the presence of HTTPS because web security is vital to Service Workers.
According to Adrienne, “If we want the web to use ServiceWorkers, the web must use HTTPS first.”
4. A reliable and safer internet
Adrienne said people will use the internet and our products when they feel reliable and safe using it. This is why — from the business’s perspective — it is important to safeguard user’s information and communication which is possible by using HTTPS.
HTTPS protects personal users’ information especially when they are using public networks. It is no hidden fact that today, a mobile in the hand of a user is his sole property and history because of accounts and passwords in there. An intrusion into the data on the device is a risk to both the user and the business offering the service.
Some other reasons why
Reasons coming from the beneficiaries of a product can be doubted but neutral opinions and first-hand experiences have proven HTTPS to be useful in many ways.
Apart from Adrienne’s beliefs, here are some other convincing reasons to shift to using HTTPS.
1. A secure site wins user confidence
Chrome shows a green padlock icon before the URL of a website to ensure a safe user experience. Websites with the green icon enjoy credibility because users are likely to trust them with their sensitive information.
On the other hand, sites with a ‘not secure’ badge receive the least traffic and little or no confidence.
Note that Google has started labeling HTTP sites as ‘not secure’ since January last year.
2. Better and stronger SEO
Google’s ranking algorithms take into account certain factors, the usage of HTTPS is one of those. Google even admitted that in 2014 in a company blog.
Do you have a reason to see your website ranked poorly on Google’s search engine? I am sure it is the otherwise.
3. Fortune 500 companies are on board
If you conduct research on HTTPS adoption, you will find most of the Fortune 500 companies using HTTPS.
Out of all great reasons, one contributing factor for the Fortune 500 companies to make it on the list could be their migration to using a secure protocol.
4. The referral blockage
Google analytics block every referral from HTTPS to HTTP. This mean, if your site is HTTP and another site which is HTTPS links you somewhere, it won’t be shown in your Google Analytics. In other words, the linking that you were graced with won’t be worth it.
Therefore, migrating to HTTPS is somewhat necessary.
5. Website performance
It is tested by Load Impact and Mozilla that sites on the HTTP/2 perform 50-70% better than sites on HTTP/1.1. The HTTP/2 is supported by HTTPS.
Last Words
The benefits of using HTTPS are pretty convincing because they not only improve user experience but also help you increase your search engine rankings.
Migrating to HTTPS is quick and easy. If you’re interested in migrating your site, read our step-by-step guide on how to move from HTTP to HTTPS.