“A milestone for Chrome security: marking HTTP as ‘not secure’”

I find this a bit disappointing. While I understand the benefits of moving the web towards ubiquitous encrypted transport, plain HTTP is the lingua franca of the web. Regardless of how easy it’s become to obtain a certificate—I did this earlier this year on this site—it’s another barrier to putting up a site. Besides, Google’s warning will scare some inexperienced users, who might interpret “not secure” to mean that they’re on a dangerous site, perhaps one with some kind of malware. I think this is probably a step too far.

I’ve been using Firefox lately, for the first time in many years. Its new engine is quite fast, and I’ve been enjoying my time with it. I made it my primary browser a few weeks ago, and so far it’s stuck. I’ll post more about my thoughts on Firefox later, but it’s also a nice benefit that its users aren’t being subjected to “not secure” warnings for sites that haven’t adopted HTTPS.