Over the weekend a Google engineer on Google’s Chrome development team made a powerful statement on Twitter listing four reasons why HTTPS is important to all web publishers and their site visitors. The Googler, Adrienne Porter Felt, is a software engineer and manager on the Google Chrome Security Team and is an authoritative voice on this issue.
1. HTTPS is Not Just About Google
“HTTPS is a foundational part of web security.”
Many people associate the move to HTTPS with Google. But the move to a secure Internet started in 1994 with Netscape when it invented the SSL protocol. Web publishers, eCommerce, Electronic Frontier Foundation, Browsers, web technology programmers are all invested in a secure Internet. Every publisher has a stake in the adoption of HTTPS and stands to benefit, even non-profit publishers who are informational and don’t serve advertising.
2. HTTPS Enables a Trouble Free Internet
“If everything is HTTPS, one less thing to bother users about.”
HTTPS is essential for creating an Internet that focuses on the user experience. Users should be able to access your website and see your advertising and buy your products without having to worry about your website, your advertising and paying for products online.
3. HTTPS Enables Browser Service Workers
Browser service workers are scripts that browsers run in the background to accomplish automatic tasks like push notification and background syncs. Background syncs are web APIs that allow you to accomplish tasks (like send a message or submit a response) without having to wait for a sketchy connection to push it through. It holds it in the cache and gets it done in the background, allowing you to get on with your life. HTTPS security is absolutely vital for Browser Service Workers. Web functionality today needs HTTPS in order to function safely and bring convenience to users.
Chrome Engineer Adrienne Porter Felt Discusses ServiceWorkers:
“ServiceWorkers are revolutionary. They make websites work offline or under flaky network conditions. They’re also too powerful to allow over HTTP. If we want the web to use ServiceWorkers, the web must use HTTPS first.”
The desired user experience is more like:
- Phone out of pocket.
- Achieve minor goal.
- Phone back in pocket.
- Resume life.
Unfortunately this experience is frequently broken by poor connectivity.
4. The Internet Should Be Safe
HTTPS ensures that the Internet is safe for everything that you do online. This is especially critical when your Android or iPhone identity is tied to passwords that are also associated with online wallets, registration to sensitive websites and so on.
If someone obtains your email password they are only one step away from obtaining a password to any bank, PayPal, Amazon, finance related account that is also tied to that email. All they have to do is initiate a password reset and they are in.
HTTPS helps keep your Internet transactions secure when you are in a public WiFi. HTTPS helps lock down your personal information and keep the Internet safe; one less thing to worry about.
Adrienne’s tweet explained it like this:
“From a business perspective, we want people to both feel and be safe online. If they enjoy the web — if it’s fun and reliable and SAFE — we hope they’ll spend time using our product (Chrome).”
HTTPS Protects Your Website
Many publishers remain unconvinced that there is any benefit to moving toward HTTPS. Some even call it a “browser fad.” They are mistaken. There are clear benefits to publishers in upgrading to HTTPS.
A secure connection keeps a third party like an ISP or public WiFi from injecting ads onto your website. HTTPS insures a better user experience and assures that you are the only one monetizing your website.
Full Text of Tweet:
1) Many people on the Chrome team are personally passionate about web security. HTTPS is a foundational part of web security. It’s a grassroots effort that worked hard to get leadership support.
2) We don’t think people know or care about the difference between HTTP and HTTPS. Security indicators are nigh impossible to get perfect. If everything is HTTPS, one less thing to bother users about.
3) ServiceWorkers are revolutionary. They make websites work offline or under flaky network conditions. They’re also too powerful to allow over HTTP. If we want the web to use ServiceWorkers, the web must use HTTPS first.
4) From a business perspective, we want people to both feel and be safe online. If they enjoy the web — if it’s fun and reliable and SAFE — we hope they’ll spend time using our product (Chrome).
Image by Shutterstock, modfied by Author