Google's Chrome browser will label all websites containing text input fields as "Not Secure" starting from October.
In a bid to enhance internet security and protect users from potential risks, Google has been making strides to promote secure connections on the web. This initiative has seen the search giant mark all FTP sites as "Not secure" in its Chrome browser, primarily due to the lack of encryption in the FTP protocol.
FTP, or File Transfer Protocol, was implemented in the 1970s, long before the widespread existence of hackers, malware, and phishing sites. However, its unencrypted nature makes it vulnerable to eavesdropping and attacks, as data transfers are sent in plaintext without encryption.
Google's decision to mark FTP sites as "Not secure" is part of a broader effort to promote HTTPS and secure connections on the web. This policy was first implemented with the release of Chrome 68 in July 2018, when Google started labeling all HTTP sites as insecure. Over time, this policy extended to FTP sites because FTP does not support encrypted connections (unlike FTPS or SFTP).
When customers see the "Not secure" warning, they can expect to see the label written in red, followed by a gray information icon and the text "FTP is insecure." This warning helps protect users against interception and builds trust through visible security indicators in Chrome.
To remove the "Not secure" warning, site owners are encouraged to migrate from FTP to secure alternatives that use encryption (like HTTPS or secure FTP variants) and install valid SSL/TLS certificates if serving content via web protocols.
Google's action against Symantec's SSL certificates is another part of this ongoing effort. In Chrome 70, to be released on Oct. 23, 2018, Google will remove trust in all Symantec's old SSL certificates. This action will affect any certificate chaining to Symantec roots, except for the small number issued by the independently-operated and audited subordinate CAs.
EV SSL (Extended Validation SSL) certificates are crucial for businesses and organizations that handle sensitive data, as they provide a higher level of security and trust. These certificates are already widely used by websites such as Facebook, Messenger, Twitter, Pinterest, LinkedIn, Whatsapp, and email services, and can be obtained to secure FTP sites as well.
In conclusion, Google's initiative to promote secure connections on the web has seen the marking of FTP sites as "Not secure" and the removal of trust in old Symantec SSL certificates. This move towards a more secure web environment is a positive step towards protecting users' data and building trust in online interactions.
- The unencrypted nature of FTP, a protocol implemented in the 1970s, makes it vulnerable to cybersecurity threats like eavesdropping and attacks due to data transfers being sent in plaintext without encryption, which is why Google has marked FTP sites as "Not secure" in its Chrome browser.
- Google's policy of marking FTP sites as "Not secure" is part of a broader cybersecurity effort to promote HTTPS and secure connections on the web, encouraging site owners to migrate from FTP to secure alternatives like HTTPS or secure FTP variants for improved data protection.
