Chrome begins to warn users if sites are insecure. So, now what?
Your connection to this site is not secure, is perhaps one of the scariest messages a normal internet user can see right before they close their tab and move on. What does this mean to an online business? Lost client, customer or user.
For years sites have been serving their non-sensitive content over open protocols but in the recent years this has started to change, especially when Google announced that it would soon start warning users of non secure sites back in 2014. Now, it’s two years on and Google Chrome has started to do so, but very subtly to start with.
To a trained person, this is not very important on sites that simply transmit non-private content, but to an untrained eye this can be very scary, especially if the warning sign becomes more obvious (which will inevitably increase the bounce rate).
To reduce the number of sites using non-secure protocols Google had to find a way to do that, and hence it went ahead and encouraged site owners to move their sites to secure protocols to positively impact their SEO. Has that worked? The short answer is YES, but sadly the long answer will conclude something different.
Looking at the data provided by BuiltWith, out of the top one million websites on the internet, only 9.2% currently use SSL by default, although this is still a huge jump compared to this time last year, which stood at 2.9% and its simply not fast enough — hence why I personally believe Google is pushing this.
Why the slow growth?
There could be many reasons for this, generally because moving onto SSL costs money and time. There are also other considerations but the majority are out dated considerations, such as developers assuming TLS/SSL will significantly slow down the load of the website, which is untrue, in-fact TLS has exactly one problem with its performance, its not being used widely enough.
There is also other considerations, as some sites just simply do not need to transmit their content through TLS/SSL as it is just not sensitive and not worth the move.
What’s next?
Unfortunately this is where website owners will face the hard truth, whether we like it or not, the push towards moving towards secure protocols will become more common as we see more security issues around the world and its very likely that Google will come out with a big red sign on Chrome if your site is served on an un-secure protocol. So my suggestion would be that if you own a site, go ahead and serve it through a secure protocol before it’s too late.