Microsoft Edge browser is trying harder to offer clarity about websites that sport the HTTPS suffix. This is because sporting the ‘Lock’ icon is no guarantee about the trustworthiness of a website.
After Google Chrome, Microsoft Edge is now distancing itself from the iconic “Lock” symbol. Websites that had adopted the HTTPS protocol had automatically earned the symbol, but no website should be trusted blindly.
Microsoft Edge to include human-readable information about the websites with HTTPS suffix:
The HyperText Transport Protocol or HTTP is not safe. By its very nature, websites that use HTTP are vulnerable to all sorts of “Man in the Middle” attacks, espionage, etc.
The simple reason is information that travels between the remote server and the Internet user is unencrypted. Threat actors can easily intercept such information and poison the same.
Microsoft Edge to add automatic HTTPS option for all domains https://t.co/tDvkzE2gbz
— Jonathan Cilley (@jonathan_cilley) August 23, 2021
To overcome the limitations of HTTP, HTTPS arrived. Technical jargon aside, HTTPS encodes information in transit. Interceptors will only receive “garbled” information when Internet users visit any website with HTTPS suffix.
Following the widespread adoption of HTTPS, web browsers started showing a “Lock” icon beside the name of the website. This icon denoted the website had HTTPS enabled, and information would be encrypted.
HTTP Nowhere by Chris Palmer @fugueish
A Chrome Extension to Upgrade (or Stop) Non-Secure Requests.
HTTP Nowhere upgrades non-secure web connections to secure: it upgrades HTTP URLs to HTTPS.#https #browser #ChromeExtension https://t.co/FOuWj4mrsx pic.twitter.com/t3aPm7uZCw
— Pablo Lara H (@pablolarah) September 8, 2021
However, several malicious websites started to abuse the trust that the Lock icon generated in the minds of Internet users. Simply put, merely flaunting the Lock icon is not an indicator of the website’s trustworthiness.
Google Chrome was the first web browser to understand the potential pitfalls of the Lock icon. Now Microsoft’s web browser is gradually distancing itself from the same.
Microsoft Edge seems to be taking an additional step ahead. Dev and Canary Builds of Microsoft Edge now contain a feature that could offer more information about websites with HTTPS suffix.
Microsoft Edge could have a toggle that offers more information about HTTPS websites:
Microsoft is reportedly working on making the information in the site information pop-up more useful. The browser’s experimental builds have an option to show additional information about the website.
The About section of the website resides behind the Lock icon. Moving ahead, the Microsoft Edge browser will source information about the website from sources like Wikipedia. The information will also include links to the website’s social media pages.
Previously, the About section offered technical information about the website. This included the validity of the Secured SSL certificate, Cookies in use, and settings about the website.
The potential trouble lies in the wordings that accompany any website with an HTTPS suffix:
“Connection is secure”
“Your information (for example passwords or credit card numbers) is private when it is sent to this website”
Needless to mention, these seemingly reassuring words can inadvertently develop trust about a malicious website simply because of the HTTPS suffix. The Chromium-based browser is now attempting to enlighten Internet users, hoping they make the right decision with regards to trust.