Google has already used Cybersecurity Awareness Month to announce details of a new bug bounty program for Android apps, as well as a new Advanced Protection Program for G Suite users. Now the company has revealed that most web traffic in its Chrome web browser is protected by HTTPS.
The precise figures vary from platform to platform — with ChromeOS and macOS faring the best — but between 64 and 75 percent is now secured. Google humblebrags about the results of its mission to “secure the web, one site at a time,” after opting to mark non-encrypted pages as being insecure.
Both ChromeOS and macOS now have more than three quarters of Chrome traffic protected by HTTPS, while on Windows the figure is 66 percent. For Android, the figure drops to 64 percent, but there have been increases in the use of encryption for all platforms.
Google highlights the following statistics:
- 64 percent of Chrome traffic on Android is now protected, up from 42 percent a year ago.
- Over 75 percent of Chrome traffic on both ChromeOS and Mac is now protected, up from 60 percent on Mac and 67 percent on ChromeOS a year ago.
- 71 of the top 100 sites on the web use HTTPS by default, up from 37 a year ago.
The company says that its decision to mark non-HTTPS sites as insecure helped to drive these figures up:
About a year ago, we announced that we would begin marking all sites that are not encrypted with HTTPS as “not secure” in Chrome. We wanted to help people understand when the site they’re on is not secure, and at the same time, provide motivation to that site’s owner to improve the security of their site. We knew this would take some time, and so we started by only marking pages without encryption that collect passwords and credit cards. In the next phase, we began showing the “not secure” warning in two additional situations: when people enter data on an HTTP page, and on all HTTP pages visited in Incognito mode.
To encourage more site owners to migrate to HTTPS, Google points out that Let’s Encrypt — which it sponsors — is free. The company also says: “Google also recently announced managed SSL for Google App Engine, and has started securing entire top-level Google domains like .foo and .dev by default with HSTS. These advances help make HTTPS automatic and painless, to make sure we’re moving towards a web that’s secure by default.”