{"id":3501,"date":"2017-02-10T09:30:01","date_gmt":"2017-02-10T14:30:01","guid":{"rendered":"https:\/\/www.thesslstore.com\/blog\/?p=3501"},"modified":"2017-06-01T17:28:07","modified_gmt":"2017-06-01T21:28:07","slug":"ugly-http","status":"publish","type":"post","link":"https:\/\/www.thesslstore.com\/blog\/ugly-http\/","title":{"rendered":"A Novel Way To Discourage HTTP: Make It Ugly"},"content":{"rendered":"<h2>Ugly HTTP Extension Makes HTTP Pages Dreary.<\/h2>\n<p>We are always writing about the ways Google is making HTTPS better and discouraging people from sticking with HTTP. Its latest effort is <a href=\"https:\/\/www.thesslstore.com\/blog\/firefox-chrome-warning-about-insecure-login-pages\/\">marking HTTP pages that contain login\/credit card forms as \u201cNot Secure.\u201d<\/a><\/p>\n<p>But what if Google made its treatment of HTTP way more aggressive?<\/p>\n<p>That\u2019s exactly what Lucas Garron, a security engineer working on Chrome, thought to do. Garron is behind important SSL\/TLS work such as <a href=\"https:\/\/hstspreload.org\/\"rel=\"nofollow\">Chrome\u2019s HSTS preload list<\/a>, and some of the browser\u2019s security UX.<\/p>\n<p>This week, Garron released an extension for Chrome with a new approach. Named \u201c<a href=\"https:\/\/chrome.google.com\/webstore\/detail\/ugly-http\/mlneofdamjbcmahdcjjbmbjomedanhal?utm_source=chrome-app-launcher-info-dialog\"rel=\"nofollow\">Ugly HTTP<\/a>,\u201d the extension desaturates the colors on any HTTP page, revealing the dreary reality of the unencrypted web. If you prefer to ugly-ify HTTP a different way, the extension supports other options such as hue inversion, sepia tone, and overexposure.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-3504\" src=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2017\/02\/UglyHTTP.png\" alt=\"Ugly HTTP\" width=\"975\" height=\"609\" srcset=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2017\/02\/UglyHTTP.png 975w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2017\/02\/UglyHTTP-300x187.png 300w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2017\/02\/UglyHTTP-768x480.png 768w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2017\/02\/UglyHTTP-480x300.png 480w\" sizes=\"auto, (max-width: 975px) 100vw, 975px\" \/><\/p>\n<p>This is more silly than serious. It\u2019s beyond unlikely that Chrome would adopt this as an official treatment of HTTP. Though, if they could figure out a way to target webmasters who keep pushing an HTTPS migration further down their calendar we would support it.<\/p>\n<p>This isn\u2019t the first time a developer has thought of making the threat of HTTP much more apparent and annoying. April King, who works on Firefox, <a href=\"https:\/\/twitter.com\/aprilmpls\/status\/829469209231032320\"rel=\"nofollow\">wrote her own extension<\/a> with very similar behavior to Ugly HTTP for Firefox.\u00a0 Eric Lawrence, another Chrome engineer, <a href=\"https:\/\/chrome.google.com\/webstore\/detail\/moartls-analyzer\/ldfbacdbackkjhclmhnjabngnppnkagh\/related?hl=en\"rel=\"nofollow\">developed an extension<\/a> that highlights HTTP links in red and inverts images loaded over HTTP.<\/p>\n<p>It looks like security engineers share the same hobbies!<\/p>\n<p>If you want to make HTTP ugly in your browser, <a href=\"https:\/\/chrome.google.com\/webstore\/detail\/ugly-http\/mlneofdamjbcmahdcjjbmbjomedanhal?utm_source=chrome-app-launcher-info-dialog\"rel=\"nofollow\">you can download Garron\u2019s extension from the Chrome web store<\/a>. Since the extension requires the ability to read and change all data on all sites you visit, it may comfort you to know it is <a href=\"https:\/\/github.com\/lgarron\/ugly-http-extension\"rel=\"nofollow\">open source and available on Github<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Ugly HTTP Extension Makes HTTP Pages Dreary. We are always writing about the ways Google is making HTTPS better and discouraging people from sticking with HTTP. Its latest effort is&#8230;<\/p>\n","protected":false},"author":2,"featured_media":3503,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":"","tve_updated_post":"","tve_custom_css":"","tve_user_custom_css":"","tve_globals":{},"tcb2_ready":0,"tcb_editor_enabled":0,"tve_landing_page":"","_tve_header":"","_tve_footer":""},"categories":[17],"tags":[483,131,155,484,482],"class_list":["post-3501","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-industry-lowdown","tag-chrome-extensions","tag-google","tag-google-chrome","tag-https-migration","tag-ugly-http","post-with-tags"],"views":7642,"jetpack_featured_media_url":"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2017\/02\/iStock-179057012.jpg","_links":{"self":[{"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/posts\/3501","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/comments?post=3501"}],"version-history":[{"count":0,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/posts\/3501\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/media\/3503"}],"wp:attachment":[{"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/media?parent=3501"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/categories?post=3501"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/tags?post=3501"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}