Chrome: all HTTP==insecure

This week Google / Chrome have marked all HTTP sites as insecure.

If you look at present day politics you might think public shaming is no longer an effective tactic, but hey.  The downside is that if you have not turned on your HTTPS with a site encryption certificate, and the Chrome alert drives away your customers and readers, that is a serious penalty to your existence on the internet.

Google did this with email in 2014 (was it that long ago?).  Back in those bad old days, up to half of the email to/from Gmail was unencrypted.

Public shaming seems to have worked, a report on % of emails encrypted handled by Gmail shows today it’s running between 85 and 90%.  Note in 2014 it was well below 50%.;series:outbound&lu=encrypt_out

Screen Shot 2018-07-27 at 9.59.18 AM.png

There is a curious anomaly on Oct 14, 2014 where it dropped to 50% briefly, but at least in part due to Google’s insistence and public shaming of other mail providers, much more of email is protected against unauthorized viewing (let’s call it disclosure).

Screen Shot 2018-07-27 at 10.03.37 AM.png

There is a similar report for HTTPS, but I’m not sure what to make of it.  There seems to be a dropoff in encrypted traffic for web pages; perhaps this is driving the current movement:

If you have not already done so, a search for “free SSL certificates” and install one (there are many free sources); otherwise Chrome browser will tell everyone your site is bad to the bone.