A Novel Way To Discourage HTTP: Make It Ugly
Ugly HTTP Extension Makes HTTP Pages Dreary.
We are always writing about the ways Google is making HTTPS better and discouraging people from sticking with HTTP. Its latest effort is marking HTTP pages that contain login/credit card forms as “Not Secure.”
But what if Google made its treatment of HTTP way more aggressive?
That’s exactly what Lucas Garron, a security engineer working on Chrome, thought to do. Garron is behind important SSL/TLS work such as Chrome’s HSTS preload list, and some of the browser’s security UX.
This week, Garron released an extension for Chrome with a new approach. Named “Ugly HTTP,” the extension desaturates the colors on any HTTP page, revealing the dreary reality of the unencrypted web. If you prefer to ugly-ify HTTP a different way, the extension supports other options such as hue inversion, sepia tone, and overexposure.
This is more silly than serious. It’s beyond unlikely that Chrome would adopt this as an official treatment of HTTP. Though, if they could figure out a way to target webmasters who keep pushing an HTTPS migration further down their calendar we would support it.
This isn’t the first time a developer has thought of making the threat of HTTP much more apparent and annoying. April King, who works on Firefox, wrote her own extension with very similar behavior to Ugly HTTP for Firefox. Eric Lawrence, another Chrome engineer, developed an extension that highlights HTTP links in red and inverts images loaded over HTTP.
It looks like security engineers share the same hobbies!
If you want to make HTTP ugly in your browser, you can download Garron’s extension from the Chrome web store. Since the extension requires the ability to read and change all data on all sites you visit, it may comfort you to know it is open source and available on Github.
5 Ways to Determine if a Website is Fake, Fraudulent, or a Scam – 2018
in Hashing Out Cyber SecurityHow to Fix ‘ERR_SSL_PROTOCOL_ERROR’ on Google Chrome
in Everything EncryptionRe-Hashed: How to Fix SSL Connection Errors on Android Phones
in Everything EncryptionCloud Security: 5 Serious Emerging Cloud Computing Threats to Avoid
in ssl certificatesThis is what happens when your SSL certificate expires
in Everything EncryptionRe-Hashed: Troubleshoot Firefox’s “Performing TLS Handshake” Message
in Hashing Out Cyber SecurityReport it Right: AMCA got hacked – Not Quest and LabCorp
in Hashing Out Cyber SecurityRe-Hashed: How to clear HSTS settings in Chrome and Firefox
in Everything EncryptionRe-Hashed: The Difference Between SHA-1, SHA-2 and SHA-256 Hash Algorithms
in Everything EncryptionThe Difference Between Root Certificates and Intermediate Certificates
in Everything EncryptionThe difference between Encryption, Hashing and Salting
in Everything EncryptionRe-Hashed: How To Disable Firefox Insecure Password Warnings
in Hashing Out Cyber SecurityCipher Suites: Ciphers, Algorithms and Negotiating Security Settings
in Everything EncryptionThe Ultimate Hacker Movies List for December 2020
in Hashing Out Cyber Security Monthly DigestAnatomy of a Scam: Work from home for Amazon
in Hashing Out Cyber SecurityThe Top 9 Cyber Security Threats That Will Ruin Your Day
in Hashing Out Cyber SecurityHow strong is 256-bit Encryption?
in Everything EncryptionRe-Hashed: How to Trust Manually Installed Root Certificates in iOS 10.3
in Everything EncryptionHow to View SSL Certificate Details in Chrome 56
in Industry LowdownPayPal Phishing Certificates Far More Prevalent Than Previously Thought
in Industry Lowdown