Chrome rolls out for all users ‘not secure’ markers on unencrypted pages

Google officially announced version 68 of the Chrome browser today, formalizing its plans to fulfill its past pledge to mark all unencrypted (non-HTTPS) pages as “not secure.” This move comes nearly two years after Chrome announced its slow-burning plan to promote the use of secured (HTTPS) pages across the browser.

In previous updates, the browser had already begun to mark critical HTTP pages — like those that collect bank and personal information — as “not secure.” But to move toward its goal of assumed security on its browser, Chrome announced today that it plans to begin removing the “Secure” marker on HTTPS sites this September and begin marking all unencrypted sites with a red “Not secure” marker this October.

Previously, according to Chrome, the number of HTTP sites across the internet was too high to feasibly mark all of the encrypted sites in this way, but with the increase of secured sites in the last several years, this feat has become more reasonable.

According to a Chrome Transparency Report that tracks encryption use on the browser between 2014 and 2018, the browser’s traffic from Android and ChromeOS have both seen increases in encryption rates (up to 76 percent protected from 42 percent for Android traffic and 85 percent protected up from 67 percent for ChromeOS.) The report also states that since 2014, when only 37 of the web’s top 100 sites on the browser used HTTPS as default, the number of protected top 100 sites in 2018 has risen to 83.

While these security updates from Chrome don’t appear to be a direct reaction to the security hacks in recent months, they are timely. Security, especially online, has become a particularly barbed topic following a number of bank, healthcare and election hacking incidents around the world.

“Secure” sites can’t ensure that your information is impenetrable, but Chrome says it plans to make continuing efforts in this space to ensure that its users have the most secure browser experience possible.

Google puts an end to Chrome extension installs from third-party sites

Google today announced a major change to its Chrome Web Store policy that aims to shield users from websites that try to fool them into installing their Chrome extensions. Until now, developers who publish their apps in the Web Store could also initiate app and extension installs from their own websites. Too often, though, developers combined these so-called “inline installs” with deceptive information on their sites to get users to install them. Unsurprisingly, that’s not quite the experience Google had in mind when it enabled this feature back in 2011, so now it’s shutting it down.

Starting today, inline installation will be unavailable to all newly published extensions. Developers who use the standard method for calling for an install from their site will see that their users will get redirected to the Chrome Web Store to complete the installation.

Come September 12, 2018, all inline installs of existing extensions will be shut down and users will be redirected to the store, too. Come December and the launch of Chrome 71, the API that currently allows for this way of installing extensions will go away.

“As we’ve attempted to address this problem over the past few years, we’ve learned that the information displayed alongside extensions in the Chrome Web Store plays a critical role in ensuring that users can make informed decisions about whether to install an extension,” James Wagner, the product manager for the extensions platform, writes in today’s update. “When installed through the Chrome Web Store, extensions are significantly less likely to be uninstalled or cause user complaints, compared to extensions installed through inline installation.”

As Wagner notes, inline installations have been an issue for a long time. Back in 2015, for example, sites that tried to deceive users into installing extensions by getting them to click on fake ads or error messages were the main issue.

Google is banning all cryptomining extensions from its Chrome Web Store

Google today announced that it will ban from its Chrome Web Store any and all browser extensions that mine crypto.

Mining cryptocurrencies in the browser isn’t the most efficient way for individuals to get rich, but if you are a developer and you get thousands of machines to mine for you, that equation changes in your favor. For the longest time, Google’s Chrome Web Store allowed for single-purpose mining extensions. That is, developers could publish extensions in the store that clearly stated their purpose and that had no other purpose than to mine.

As it turns out, 90 percent of extensions that mine crypto don’t comply with those rules. The lure of cheap Monero is simply too great for some developers, so they try to smuggle their mining scripts into what look like legitimate extensions. Some of those get detected and removed outright and some actually make it into the store and have to be removed. Google is obviously not happy with that, as it’s not a great user experience. Those extensions tend to use a good amount of processing power, after all.

So starting today, Google won’t allow into the Chrome Web Store any extension that mines cryptocurrencies, and starting in late June, all of the existing extensions will be removed. It’s worth noting that Google will still allow for blockchain-related extensions that don’t mine.

“The extensions platform provides powerful capabilities that have enabled our developer community to build a vibrant catalog of extensions that help users get the most out of Chrome,” writes James Wagner, Google’s product manager for its extensions platform. “Unfortunately, these same capabilities have attracted malicious software developers who attempt to abuse the platform at the expense of users. This policy is another step forward in ensuring that Chrome users can enjoy the benefits of extensions without exposing themselves to hidden risks.”

Google’s on-by-default ‘Articles for You’ leverage browser dominance for 2,100 percent growth

When you’ve got leverage, don’t be afraid to use it. That’s been Google’s modus operandi in the news and publishing world over the last year or so as it has pushed its AMP platform, funding various news-related ventures that may put it ahead, and nourished its personalized Chrome tabs on mobile. The latter, as Nieman Labs notes, grew 2,100 percent in 2017.

You may have noticed, since Chrome is a popular mobile browser and this setting is on by default, but the “Articles for You” appear automatically in every new tab, showing you a bunch of articles the company things you’d like. And it’s gone from driving 15 million article views to a staggering 341 million over the last year.

In late 2016, when Google announced the product, I described it as “polluting” the otherwise useful new tab page. I also don’t like the idea of being served news when I’m not actively looking for it — I understand that when I visit Google News (and I do) that my browser history (among other things) is being scoured to determine what categories and stories I’ll see. I also understand that everything I do on the site, as on every Google site, is being entered into its great data engine in order to improve its profile of me.

Like I said, when I visit a Google site, I expect that. But a browser is supposed to be a tool, not a private platform, and the idea that every tab I open is another data point and another opportunity for Google to foist its algorithms on me is rankling.

It has unsavory forebears. Remember Internet Explorer 6, which came with MSN.com as the default homepage? That incredible positioning drove so much traffic that for years after (and indeed, today) it drove disgusting amounts of traffic to anything it featured. But that traffic was tainted: you knew that firehose was in great part clicks from senior citizens who thought MSN was the entire internet.

Of course the generated pages for individual users aren’t the concentrated fire of a link on a major portal, but they are subject to Google approval and, of course, the requisite ranking bonus for AMP content. Can’t forget that!

But wherever you see the news first, that’s your news provider. And you can’t get much earlier than “as soon as you open a new tab.” That’s pretty much the ultimate positioning advantage.

Just how this amazing growth occurred is unclear. If there’s been any word of mouth, I missed it. “Have you tried scrolling down? The news is just right there!” It seems unlikely. My guess would be that the feature has been steadily rolling out in new regions, opting in new users who occasionally scroll down and see these stories.

And unlike many other news distribution platforms, there isn’t much for publishers or sites like this one to learn about it. How are stories qualified for inclusion? Is there overlap with Google News stuff? What’s shown if people aren’t signed in? I’ve asked Google for further info.

Do you, like me, dislike the idea that every time you open a tab — not just when you use its services — Google uses it as an opportunity to monetize you, however indirectly? Fortunately, and I may say consistent with Google’s user-friendliness in this type of thing, you can turn it off quite easily — on iOS, anyway.

Open the menu at the top right of any tab and hit settings. There should be a “Suggested articles” toggle — disable that and you’re done. While you’re at it, you might just head into Privacy and disable search and site suggestions and usage data.

On Android? You’ll have to dig into the app’s flags and toggle the hidden setting there. Not as user-friendly.

Chrome will soon mark all unencrypted pages as ‘not secure’

 Google’s Chrome browser will soon flag every site that doesn’t use HTTPS encryption. Starting in July, with the launch of Chrome 68, Chrome will mark all HTTP sites as ‘not secure’ and prominently highlight this in its URL bar. Over the course of the last few years, Google has strongly advocated for the use of HTTPS to help keep your browsing data safe from anybody… Read More