Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Encryption Safari Chrome Security The Internet Apple

Safari Tests 'Not Secure' Warning For Unencrypted Websites (cnet.com) 66

Similar to Chrome, Apple's Safari browser is testing a warning system for when users visit websites that aren't protected by HTTPS encryption. "The feature for now is only in Safari Technology Preview 70, a version of the web browser Apple uses to test technology it typically brings to the ordinary version of Safari," reports CNET. From the report: Apple didn't immediately respond to a request for comment on its plans for bringing the warning to mainstream Safari. Apple's browser does warn you already if you have an insecure connection to a very sensitive website for typing in passwords or credit card numbers.
This discussion has been archived. No new comments can be posted.

Safari Tests 'Not Secure' Warning For Unencrypted Websites

Comments Filter:
  • I've pre-paid for a few years on a shared-hosting plan. Since I don't have a dedicated IP address, that means my little blog doesn't have an SSL certificate. I've got 2-factor authentication turned on, so I'm not super-worried about credentials being intercepted... is there anything else I really need to worry about?
  • by ewibble ( 1655195 ) on Wednesday November 14, 2018 @09:07PM (#57646670)
    I don't see why a self signed certificate gets a warning, but http doesn't it is no less secure. An Icon saying it is less secure should be enough (say you may not be going to the site you expect). It is really annoying that you have to pay someone a recurring fee just to add a little security. Even worse for routers that don't have a DNS entry, you have to start managing your own certificates.
    • I don't see why a self signed certificate gets a warning, but http doesn't it is no less secure.

      A self-signed certificate gives a false sense of security, whereas the http: scheme gives a true sense of insecurity. A true sense is better than a false sense.

      It is really annoying that you have to pay someone a recurring fee just to add a little security.

      Every domain name registrant is entitled to a reasonable number of certificates [letsencrypt.org] from Let's Encrypt without charge. Or by "someone" do you refer to Gandi, Namecheap, Amazon Route 53, and other domain name registrars?

    • It is really annoying that you have to pay someone a recurring fee just to add a little security

      You don't. Either get a free certificate, or add your own self-signed root certificate to the trusted store in all your devices and you won't get a warning again.

      Certificates serve for more than encryption. They also serve for identification. This is precisely why self-signed certificates get a warning as it breaks one of the two fundamental points of security:
      1. You know who you are talking to.
      2. You know no one else is listening.

      But in principle I agree, unencrypted information should be called out, but e

    • by AmiMoJo ( 196126 )

      Let's Encrypt offers free certs. You can install your own trusted root cert on your own machines for stuff like routers.

  • by nyet ( 19118 )

    It should also warn if it detects corp MITM with forged root CA and wildcard certs.

  • I do not understand why Apple neglects Safari's development so much. It is years behind Chrome, and the only reason why it's market share is still that high is probably that iOS users simply have no alternative.

    If you ever tried to get involved into the development process of webkit you will soon understand why Safari has become the worst browser around. I posted a couple of bug reports over the last few months and the reaction I got was zero, absolutely nothing. During the same period I wrote some bug re
    • It's all part of their plan to make the worst browser in the world. It's hard to do - Microsoft have had two goes at it, and have generally done pretty well. Apple are trying pretty hard with Safari, and all 8 of it's users are providing them valuable feedback. Meanwhile, Apple are adding naggons to OSX so that you can never quite be free of Safari - and never quite being free of the worst browser is indeed one of it's finest features (see: IE).

      Fun anecdote: Yesterday, Firefox got its knickers in a twist, a

As you will see, I told them, in no uncertain terms, to see Figure one. -- Dave "First Strike" Pare

Working...