Information has always been an important part of day to day life. Knowing how to perform complicated tasks like plumbing, running electrical lines, and hanging drywall are so prized that whole trades were develop to revolve around them, and rightfully so.
Information has also been an important part of identification. Things like your Social Security Number help the government identify who you are for everything from renewing a driver’s license to filing your taxes while things a simple as your name, address, and phone number say a lot about how to find you.
In today’s day and age, we are deluged, surrounded, and spoiled by the sheer amount of information we take in every day. We don’t differentiate between the importance of a life skill and a medical record nearly as much as we should because each is just a part of the ocean of 1s and 0s we expose ourselves to and take in every single time we pull out our smartphone or sit down at the computer.
This apathy regarding what information we type into a website has represented a gold mine for those who seek to find and exploit personal information. From credit cards to identity theft, it has never been easier to find the secrets we used to guard with the utmost care.
Most websites that take credit cards often have “https” in their address bars instead of “http.” That extra letter represents a secure connection, designed to protect sensitive information you submit online by encrypting it and making it unusable to hackers and their bots/malicious scripts.
Google and many other companies decided a few years ago that “most” wasn’t a good enough target.
HTTPS Everywhere is an initiative that many major providers are on board with these days, pushing for all websites to use https on their websites instead of http. They feel that any information submitted through a website should be protected, and aim to help us treat all personal information with the care it deserves.
For the last three and a half years, this was encouraged by gentle nudges from Google, such as labelling any unsecured login, password, or contact field without https as “Not Secure.” The next nudge coming in July isn’t going to be so gentle, and if you have a business website that doesn’t use an SSL certificate, I encourage you to get comfortable with a beverage of your choice – because you need to read this.
In July of 2018, Chrome, the browser created and maintained by Google, is going to label all websites that use http (in short, those that don’t add the “s” at the end with an SSL certificate) as “Not Secure.”
Every. Single. One. Right in the address bar for all to see.
If you run an informational website for your business, without commerce or contact forms, I’m sure you’re wondering what functional difference this makes to you. On the surface, it won’t make any. Your website will still come up and operate the same way it always has.
There are short and long term implications that are at play below these seemingly still waters though. Before moving on, we’d like to clarify something.
From here, we are speaking hypothetically
If you’re looking for just the facts of the here and now, and have made it to this point, you’ve got them. If you want to avoid this public shaming of an unsecured website before the update rolls out, you can browse our SSL certificate selection.
The information we will be discussing from this point is strictly hypothetical, but makes logical sense to us, as it could easily be adopted in the future.
We’re continuing because we feel these trains of thought have merit to you and your business, and are worth considering if you are still uncertain about whether you are going to get an SSL certificate for your website before July’s Chrome rollout for reasons of cost or value to your business.
The short term implications of Chrome 68
Let’s say you’re a contractor, and a prospective customer that knows nothing about websites who is searching for someone to remodel their kitchen finds you when searching on Google. They click on the link to your website, and when the URL switches in their browser, the first thing they see is that “Not Secure” warning staring them right in the face.
Doesn’t induce a lot of faith, does it?
How trustworthy do you think that is going to make you look on a first impression?
Frankly put, not very. A lot of people use Chrome as their browser of choice – around 60% according to statistical data (depending on who you ask), but maybe you’re thinking you’ll be able to ride this change out since the other 40% of people use Internet Explorer, Edge, Firefox, and Safari too.
If you’re thinking along these lines, I’m going to tell you this won’t last.
Mozilla, who maintains Firefox, supports HTTPS Everywhere, and has a tendency to follow suit with a lot of the changes Google makes. They even already have an icon that shows when a password form is insecure on their address bar. Expect them to launch a similar update either simultaneously or shortly after Google rolls theirs out in Chrome to test the waters.
Mozilla and Google play integral roles in a significant percentage of the Internet’s traffic. If these two titans stand together on this change, there is a reasonable chance that Apple and Microsoft will follow suit with Safari, Edge, and the limited versions of Internet Explorer that still receive support. Apple has already tried to push for this on iOS apps once; this would give them reason to try again with interest.
The long term implications of Chrome 68
The long game has been played one step at a time since 2014, and the question you should be asking yourself if you don’t have an SSL certificate on your website is “What are the next logical steps for Google to take in order to force this issue?” There are two we can think of that would make sense.
The first has to do with Search Engine Optimization (SEO). Google announced that having an SSL certificate on your website would be good for an SEO boost back in 2014. What do you suppose happens if they elect to penalize sites that don’t have one? Google has no real peers today when it comes to search engines, so a change like this would be extremely significant for any unsecured website.
The second has to do with website accessibility. When browsing the internet, I’m sure you’ve stumbled across a site or two that gives you a big error page alerting you to the fact that an SSL certificate has been configured incorrectly or that the site ahead contains malware and you are proceeding at your own risk.
Now imagine if these warnings came up on literally every http website.
Some of you might not have to imagine. Extensions and browser settings have existed for the last few years that do exactly that, and you may have even had this accidentally activated at one point or another in Chrome. In a world that already has a short attention span, that extra click or two would drive away prospective clients if it were to be implemented universally.
This move would be a calculated gamble, as a lot of people would be upset by feeling forced to spend time and money on configuring an SSL certificate for their website, but as we stated earlier, Google really doesn’t have any peers in their industry. What would you be able to do about it if they decided to do this tomorrow?
Realistically, the answer is not much.
Looking to get ahead of the game?
We offer a selection of Standard SSLs and Premium SSLs for websites you’d like to secure on Linux and Windows hosting plans. We also include standard SSLs with any website we design – call 319-229-5225 to learn how you can get started with a new, secure business website today!
Braden is one of the founders of Midwest Websites, and has been professionally writing and developing websites for over 7 years. His blog posts often take an experience from his life and showcase lessons from it to help you maximize online presence for your business.