If you’ve been using Google Chrome for a while, you already know that the browser is already actively fighting against non-SSL/TLS-encrypted sites (and downloads). Technologies better known to a majority of Internet users by their consequences on navigation: secure sites (favoured by Google Chrome) are sites whose address begins with HTTPS (with an “S” for “Secure”).
Access to sites and downloads that do not use encryption (HTTP) becomes more complicated as Google Chrome updates follow one another. So if you visit an HTTP site with your current version of Chrome, you will be left with an error page that alerts you that the site you are about to visit is potentially dangerous. By following a few links it is still possible to access the sites in question.
Google continues to fight insecure HTTP sites
But the option is not necessarily easy to find if you do not know it. Similarly, Google Chrome gradually complicates downloading without a certificate allowing the use of HTTPS, even if the latter come from HTTPS sites via a similar process. The browser also forces sites to display their HTTPS version as soon as possible. Other competing browsers like Firefox are gradually following in Google’s footsteps on the issue.
Proof of the influence of the browser published by the firm (it holds nearly 60% market share in France) – and its ability to shape web standards. The idea behind this strategy is quite commendable on the whole: Google has the ambition, thus, to make the web safer, and to complicate the task of pirates. When the connection is secure, it becomes almost impossible to intercept and spy on the data exchanged between the sites and the Internet user.
More recently, Google Chrome has started to display an error message when downloading HTTP via sites whose address begins with HTTPS. However, clicking on an HTTPS download link from an HTTP site is still possible so far without triggering the appearance of an error message. However, with Chrome 111 whose beta versions will be linked by March, downloads via HTTP sites (without S) will all be blocked by default.
And you will have to follow a series of clicks to bypass the blocking imposed by Google. It is not certain that the measure significantly improves overall web security. Indeed, even though the use of HTTPS is recommended, hackers and other cybercriminals are now launching more and more sites, and others landing pages in connection with scams and other phishing campaigns using the HTTPS protocol to put their victims in trust.
