Three-quarters of consumers are aware of the risks of visiting a website, but only a third look for the green address bar.
According to research among 6,000 consumers by GlobalSign, 20 per cent of those surveyed think that the internet is a completely unsafe place, but do take into account other factors to assess the trustworthiness of a website, such as how quickly the site loads and works (43 per cent), whether the site contains well-known brands/products (25 per cent) and if the site looks professional and well designed (16 per cent).
This week saw the announcement by Google’s Chromium project that it intends to devise and begin deploying a transition plan for Chrome in 2015, the goal of which is to more clearly display to users that HTTP provides no data security.
“We all need data communication on the web to be secure (private, authenticated, untampered). When there is no data security, the user agent should explicitly display that, so users can make informed decisions about how to interact with an origin,” it said. “Ultimately, we can even imagine a long term in which secure origins are so widely deployed that we can leave them unmarked (as HTTP is today), and mark only the rare non-secure origins.”
Simon Wood, UK CTO of GlobalSign, said that this move will help to raise awareness around HTTPS amongst consumers, with its research finding that nearly 30 per cent of UK consumers don’t know what HTTPS means.
“We’re used to seeing regular incremental updates from Google, such as the recent Certificate Transparency project which kick-started a race amongst CAs to become compliant,” he said.
“This will, however, significantly impact small site hosting service providers in particular, creating extra work to ensure their customers have the support they’ll require. Since larger providers are regularly using at least basic DV certificates, they won’t be as affected.”
Jerome Segura, senior security researcher at Malwarebytes, said: “This is not unexpected from Google, as not too long ago they announced that they would rank HTTPS sites higher than those with plain HTTP. It also goes along with Google’s mission to provide ‘end-to-end’ encryption, something it has taken even more seriously following the revelations about the NSA’s snooping capabilities.
“SSL certificates are easier and cheaper to implement than they used to be. Certainly, Google’s decisions can sometimes be seen as unilateral and drastic, but in this particular case, the notifications would be seen by people using the Chrome browser only. Overall the internet is still relying on old standards that have a bad habit of staying around for longer than they should, so such measures, even if they first look a bit of an over action, actually make sense to bring better security to the masses.”
The research from GlobalSign revealed that 96 per cent of website visitors would not continue with a purchase if they saw an invalid SSL certificate, while 75 per cent would close the page if it had a secure connection with unsecure elements.
Rik Turner, senior analyst at Ovum, said: “The Google thing doesn’t really surprise me, given their very public endorsement of encryption earlier this year. I agree they may be rather scaremongering somewhat, but probably not that much, given what we now know about how much data is being pilfered right, left and centre.”