Google Chrome to Label All Non-Encrypted Text Forms as "Not Secure" Starting October
In a bid to enhance online security, Google has taken significant steps to warn users about insecure connections and protocols. One such example is the marking of FTP (File Transfer Protocol) sites as "Not Secure" starting with Chrome 63, released in December 2017.
FTP, implemented in the 1970s, was designed before the widespread existence of security threats. As a result, it transmits data, including login credentials, in an unencrypted format, making it susceptible to network sniffing attacks. Since FTP does not provide encryption, any data sent over FTP can be intercepted and read by attackers, posing significant security risks.
To discourage the use of this insecure protocol and encourage transition to encrypted alternatives like SFTP or HTTPS-based file transfers, browsers like Google Chrome began explicitly warning users by labeling FTP sites as "Not Secure."
Google's commitment to security was further evident in its decision to remove FTP support from Chrome entirely in version 88, released in January 2021. This move reflects a trend away from FTP in modern browsers to improve user security.
In another development, Google announced that it would remove trust in all of Symantec's old SSL certificates in Chrome 70, to be released on Oct. 23, 2018. This decision affects any certificate chaining to Symantec roots, except for a small number issued by independently operated and audited subordinate CAs.
The "Not Secure" label for non-encrypted text forms includes HTTP sites with comments and search boxes, as well as sites visited in Incognito mode.
Google's actions underscore the importance of secure connections in today's digital world. To avoid being marked "Not secure," websites need to migrate to HTTPS, where the "S" stands for "Secure." This shift is crucial in protecting sensitive user data and maintaining trust in the digital ecosystem.
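An added example, not from the original article or from Google: a Python sketch of a pre-migration check that lists text-entry fields on a page served over HTTP and forms that submit to an http:// URL. The field-type list, the `audit` function, and the blog.example markup are assumptions made for illustration; the check approximates the condition the article describes and is not Chrome's own logic.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Input types a user types free text into (a selection chosen for this example).
TEXT_TYPES = {"text", "search", "password", "email", "tel", "url", "number"}

class FormAudit(HTMLParser):
    """Collect text-entry fields and the resolved target of each form."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.fields = []        # names of text-entry controls
        self.form_targets = []  # absolute URL each <form> submits to

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            # A missing or empty action submits to the page's own URL.
            self.form_targets.append(urljoin(self.page_url, a.get("action") or ""))
        elif tag == "textarea":
            self.fields.append(a.get("name") or "textarea")
        elif tag == "input" and (a.get("type") or "text").lower() in TEXT_TYPES:
            self.fields.append(a.get("name") or "input")

def audit(page_url, html):
    """Return a list of findings; an empty list means nothing was flagged."""
    p = FormAudit(page_url)
    p.feed(html)
    findings = []
    if urlsplit(page_url).scheme == "http" and p.fields:
        findings.append(f"text fields on HTTP page: {', '.join(p.fields)}")
    for target in p.form_targets:
        if urlsplit(target).scheme == "http":
            findings.append(f"form submits over HTTP: {target}")
    return findings

# Constructed sample markup: a search box and a comment form.
SAMPLE = """
<form action="/search"><input type="search" name="q"></form>
<form action="http://blog.example/comment" method="post">
  <textarea name="comment"></textarea><input type="submit">
</form>
"""

if __name__ == "__main__":
    for url in ("http://blog.example/post", "https://blog.example/post"):
        print(url, audit(url, SAMPLE))
```

The second run shows the case that survives a partial migration: the page itself is on HTTPS, but the comment form still has a hard-coded http:// action.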
- The File Transfer Protocol (FTP), invented in the 1970s, was designed before the widespread existence of security threats and transmits data in an unencrypted format, making it vulnerable to network sniffing attacks.
- Google's decision to remove FTP support from Chrome entirely in version 88 highlights the trend away from insecure protocols like FTP in modern browsers, as part of their commitment to improving user security.