![]() ![]() ![]() ![]() When Chrome presents users with such a trust decision, we plan on ramping up warnings to users when these features are being used over connections to insecure origins. However, when the connection to a website is unauthenticated and unencrypted, these trust decisions aren’t bound to the intended site in a meaningful way. Over time, Chrome users are making an increasingly large amount of trust decisions when interacting with websites, whether by granting permissions for powerful web features, submitting personal information to a website, or downloading executable code. Better inform users when making trust decisions about sites over insecure connections.To guide our efforts going forward, we have created the following principles, which we will use to prioritize future work in this area: As long as a significant portion of browsing the web can only happen over HTTP, it’s important that we take steps to protect and inform users whenever we cannot guarantee that their connections are secure.Ĭontinuing from our past efforts to restrict new features to secure origins, we are taking further steps on our path of deprecating powerful features on insecure origins in order to mitigate the most privacy- and security-sensitive risks of using HTTP in Chrome. While strong progress has been made in increasing HTTPS adoption on the web over the past several years, there are still millions of sites that do not support secure connections over HTTPS, which means that support for HTTP isn’t going away in the foreseeable future. Practically speaking, this means restricting features to HTTPS in lieu of HTTP, especially for powerful web platform features. Protecting users’ privacy and security requires connecting to secure origins wherever possible. As browser users manage more and more of their day-to-day lives online, we (Chrome Security) believe they should reasonably expect that browsing and interacting with the web is secure and protects their sensitive information across their entire browsing experience. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |