Every day we visit a large number of web pages through which we send all kinds of information through “forms”. If the web page is secure, that is, it works through HTTPS, we have no problems, since all that information travels in encrypted form from our computer to the server, and nothing and nobody can intercept or modify the information. However, when the web is insecure, or the form is mixed (that is, an HTTP form within an HTTPS web), things change, our data does not travel secure and can be intercepted or modified. To avoid this, Google Chrome has introduced a new security measure that will help us avoid sending our data in an insecure way.
Until now, when the Google browser detected an insecure web page, it showed in the URL the typical padlock icon that indicated that the connection was dangerous. However, this message was going unnoticed by most users, posing an increasing danger.
New, more aggressive notices for insecure websites in Chrome
Therefore, as of Google Chrome 86 , a version that is currently in Canary branch (in development), when the web browser detects an insecure web, or an insecure form, it will protect us in this way:
- The browser will disable auto-fill , to avoid filling the form, or the text boxes, with personal information by mistake.
- When writing in it we will be able to see a message that will indicate that the form is not secure .
Also, if we try to submit the form, we will see a warning message in the browser , similar to the one we see when visiting dangerous or malware websites, which we will have to accept to send the information. And, in addition, the “go back” button will be highlighted in blue, to avoid clicking by mistake.
Being a change within Chromium, it is likely that we will see this security measure in other browsers that use this engine, as is the case with the new Edge.
Ending the dangers of HTTP is vital
Today, anything that is not encrypted on the web is exposed . Hackers can see the information, capture it, and even modify it. All connections, including DNS requests, are on the way to always being encrypted by default. Therefore, it does not make sense that some websites continue to use insecure protocols, and without encryption, such as HTTP. And unfortunately, there is nothing we can do to prevent it.
Protecting a website and all its connections depends mainly on the developers. They are the ones who have to enable and configure HTTPS , something that, fortunately, can be done completely free of charge thanks to platforms like Let’s Encrypt that allow you to obtain free HTTPS certificates . But, if the web developer does not do it, the only thing we can do is leave their website and find another that is safe.
Of course, we remember that HTTPS does not mean that the web is 100% safe and reliable . It only indicates that the connections travel encrypted and secure over the network. But it does not imply anything else. An HTTPS website can perfectly be a website controlled by a hacker. All you need is to install a free certificate to try to “fool” users.