Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Google Engineering Lead on Lessons Learned From Chrome's HTTPS Push
Newest First  |  Oldest First  |  Threaded View
BrianN060
50%
50%
BrianN060,
User Rank: Ninja
8/13/2018 | 11:37:53 AM
Re: Internet bullying.
You both make some valid points; but I think the choice of vendors is less free than assumed.  There are certainly restrictions in the corporate and academic environments (some choices are not allowed, others forced - as they are necessary to certain, required, applications).  Even for individuals, many will use the browser best suited to their OS, or will choose to stay with their OS's browser so as not to provide even more data to yet another IT mega-corporation.  Are you going to go through the process of reconfiguring and learning new habits, every time your current browser vendor changes its policies or practices (assuming you'll even be aware of it)?  Maybe "bullying" isn't the right word, but "heavy-handed" - definitely. 
BrianN060
50%
50%
BrianN060,
User Rank: Ninja
8/13/2018 | 11:09:44 AM
Re: Who decides?
There are just too many self-serving motivations for any individuals or corporate, political or activist entities, to be trusted with being the guardians of the cyber-universe, to dictate what is or isn't moral, ethical or otherwise acceptable behavior.  Yet, there is a dire need to hold individuals, groups, transient associations and other entities responsible for clear violations of the most fundamental principles of moral and ethical behavior.  Perhaps the problem lies in the tendency to redefine those traditional principles to suit whatever self-serving motivations currently serve us best.     
dmatos123
50%
50%
dmatos123,
User Rank: Apprentice
8/13/2018 | 10:40:08 AM
Re: Internet bullying.
I guess we'll agree to disagree on this.  My thoughts on a browser update regarding a security alert doesn't amount to bullying.  Users are free to download and use any other browser besides chrome.  If, on the other hand, google had a monopoly on browsers, the point could be made that it's heavy-handed.  
BPID
0%
100%
BPID,
User Rank: Strategist
8/9/2018 | 6:09:02 PM
Re: Internet bullying.
It is not the site which is insecure, but the communucations: from your browser to that site which, by the way Google is monitoring and deciding good/bad. Reality is the internet is not secure. We see daily sites and large corporations, Experion, Target, Facebook, etc., for example, as having HTTPS and insecure with data breaches. Facebook having HTTPS is before congress to explain why they are insecure.

A notification that any data to and from a site is not secure, means that Google is monitoring users activity. That alone should make you nervous. If it finds a site without HTRTPS, it can exclude it from it's search engine. That should be sufficient. But Google doesn't define insecure as having poor data security it defines dangerous as not having HTTPS.

Google is, in it's own discretion, is marking innocnt users of the internet as insecure and also in it's own hubris decided that it is the internet's sole policeman. If it wants to define a site as insecure it should strt with sites that don't protect data.
dmatos123
50%
50%
dmatos123,
User Rank: Apprentice
8/9/2018 | 1:44:54 PM
Re: Internet bullying.
I disagree.  The reality is that "normal" users have little insight into what HTTPS means vs HTTP and how the transmissions differ regarding their personal and identifying information when using the web.  An extra click or so to get to the content of an "insecure" site which also advises users that a site isn't secure is good for everyone.  It forces sight owners to comply with basic security measures to protect user information in transit - especially in light of today's environment.  It also educates users on the inherent threats in HTTP.  To claim censorship is stretching a bit.  #IMHO
BPID
25%
75%
BPID,
User Rank: Strategist
8/9/2018 | 1:17:10 PM
Internet bullying.
There is no doubt that securing data in transmission is a good thing. However. Google's dominant position does not give them the right to block or interrupt a user from reaching any site.

Though you may give your browser instructions to bypass their "WARNING" it still amounts to disruption of business, and a form of censorship.

In simple terms, no matter how good the intention, Google is bullying. It is internet bullying; it is a form of censorship and no matter who or why it is wrong to deny or impede legitimate and legal entities from conducting discource.

 


News
FluBot Malware's Rapid Spread May Soon Hit US Phones
Kelly Sheridan, Staff Editor, Dark Reading,  4/28/2021
Slideshows
7 Modern-Day Cybersecurity Realities
Steve Zurier, Contributing Writer,  4/30/2021
Commentary
How to Secure Employees' Home Wi-Fi Networks
Bert Kashyap, CEO and Co-Founder at SecureW2,  4/28/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-24259
PUBLISHED: 2021-05-05
The “Elementor Addon Elements� WordPress Plugin before 1.11.2 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.
CVE-2021-24260
PUBLISHED: 2021-05-05
The “Livemesh Addons for Elementor� WordPress Plugin before 6.8 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.
CVE-2021-24261
PUBLISHED: 2021-05-05
The “HT Mega – Absolute Addons for Elementor Page Builder� WordPress Plugin before 1.5.7 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by ...
CVE-2021-24262
PUBLISHED: 2021-05-05
The “WooLentor – WooCommerce Elementor Addons + Builder� WordPress Plugin before 1.8.6 has a widget that is vulnerable to stored Cross-Site Scripting (XSS) by lower-priv...
CVE-2021-24263
PUBLISHED: 2021-05-05
The “Elementor Addons – PowerPack Addons for Elementor� WordPress Plugin before 2.3.2 for WordPress has several widgets that are vulnerable to stored Cross-Site Scriptin...