Affiliate Disclosure: By buying the products we recommend, you help keep the site alive. Read more.
Check out the top left of the address bar. You’ll see a padlock, meaning MakeUseOf is a secure site to visit. You should see these all over the internet.
But what happens if your browser says a website isn’t secure? Should you leave immediately? What does that padlock actually mean? And by refusing to visit unsecure sites, what are you missing out on?
What Does the URL Padlock Mean?
Google Chrome advises when a site is secure. That’s the way it’s been for a while—but now, the internet giant has changed tact, largely for the better.
Before, the mainstream browser viewed HTTP as the standard for websites. As of 2018, Chrome expects HTTPS as default, and if it’s not secure, visitors will see a warning sign.
HTTPS signifies that the site has an SSL or TLS certificate, meaning your link is encrypted. Any personal details sent between the host server and your device is rendered unreadable. You’re protected against man-in-the-middle (MITM) attacks, for instance, which hijacks data travelling between two terminals.
You should only be directed to genuine versions of the site too: cybercriminals can’t intercept your visit and present fraudulent pages to access your private information.
With a market share of around 60 percent, Chrome is the most popular browser. Google needs to prove itself reliable when it comes to securing your data in order to keep this monopoly.
When Should You Heed Chrome’s Warnings?
You can see why Google is keen to force as many sites as possible into using this security measure. It’s beneficial for the search engine; it’s beneficial for users. Encryption makes the internet safer.
What does this mean for you?
Everyone knows that you need a good level of security when using online banking. When visiting PayPal, you know to look for encryption. But you also need to check for this whenever you’re submitting private data.
People take payment details seriously, but not enough treat their usernames and passwords with the same concern. So whenever you’re signing up or logging into a website, the URL needs to begin with HTTPS.
Despite all advice, many use the same passwords across numerous platforms. Imagine if one site is compromised, and a hacker gets access to your details. Even if you just use that password for your social media accounts, you won’t like the idea of a stranger seeing all the personal information you keep on Facebook. With such access, they could predict your online actions and make educated guesses at other passwords.
Never underestimate the importance of Personally Identifiable Information (PII).
High-profile companies should already have SSL/TLS certificates. Smaller independent stores, however, may not. Google’s change of stance on the implementation of HTTPS at least means more online shops will look after your data.
Should You Ever Bypass Google’s Warnings?
That isn’t to say Chrome’s warnings are great for the internet entirely. In fact, some will find it crippling.
The internet is all about free enterprise. Amazon can become a marketplace giant, but there’s also room for the little guys—not just those trying to sell their wares but also anyone who just wants to share their thoughts on a personal blog. If you’ve run a small site for a few years, you might see your stats dropping off.
And that’s because, if you haven’t got an SSL/TLS certificate, your audience is instead faced with a page telling them your blog isn’t safe.
It seems unfair, particularly as encryption can cost. Yes, there are agencies doing it for free, but for anyone unfamiliar with this side of operations, they’ll probably be reliant on a host server. Many hosts offer HTTPS as a service… for a fee. They don’t always make installing a free SSL certificate easy.
We’re certainly not saying you should ignore Chrome’s warnings. But sometimes, it’s worth proceeding regardless.
If the site requires personal information, don’t submit anything without encryption. However, if you’re just reading a blog, you probably don’t need to worry.
Still, it’s important you don’t download anything from a destination you don’t know. This is how malicious software bypasses any security measures your browser uses like sandboxing. By installing something onto your device, you’re actively accepting its implications.
Make sure you know what you’re clicking before actually doing so!
How Else Can You Check If a Site Is Safe?
You can spot the tell-tale signs of a fraudulent site.
Bad spelling and punctuation is your first clue. Sure, some sites get away with it, but anything professional should have a copywriter working behind the scenes. If it’s a simple blog, quality will naturally vary; nonetheless, these sites shouldn’t ask you to download anything regardless.
If there’s a Contact page, look for how transparent a company is. Many will have a simple contact form, while others might list an email address. Some give an actual bricks-and-mortar address—not something to trust completely, but at least a good indicator.
You can also use the Google Transparency Report. Just click on Site status and paste a URL into the box. Google will then scan the site for unsafe elements, notably malware. The search engine has been known to slip up in the past, but it’s pretty rare. Otherwise, use a service which checks the veracity of links.
If you’re still not sure… don’t visit the website. It really is that simple.
Can You Trust SSL Certificates Absolutely?
No. Even Google admits:
“Anyone can create a certificate claiming to be whatever website they want.”
HTTPS is a good start, but it certainly doesn’t mean your data is entirely safe. And it definitely doesn’t mean you don’t need to worry about other security practices. Encryption makes the internet safer—but it doesn’t make it perfect. It’s the first line in an arsenal to use against cybercriminals who’re getting increasingly devious in their attempts to steal your personal data.