WEBVTT

00:00:00.000 --> 00:00:04.800
Odds are that you use Google Chrome or a Chromium based browser, so you ought to know there's

00:00:04.800 --> 00:00:09.360
a change coming in September that's subtle, but very important. If you're watching this video

00:00:09.360 --> 00:00:14.080
on Chrome with a desktop or laptop, take a look at the upper left corner of your screen and you'll

00:00:14.080 --> 00:00:20.400
see a little padlock icon next to the URL. This indicates that the site you're on is using HTTPS,

00:00:20.400 --> 00:00:25.760
but Google has decided to retire the lock. But what the heck is HTTPS and why do we care about

00:00:25.840 --> 00:00:32.080
the lock icon at all? HTTPS stands for Hypertext Transport Protocol Secure, and it's a variation

00:00:32.080 --> 00:00:37.120
of standard HTTP, which is the communications protocol that webpages use. Among other things,

00:00:37.120 --> 00:00:42.960
HTTP allows for basic but crucial functionality such as data retrieval, authentication,

00:00:42.960 --> 00:00:49.280
and the ability to click on links, which I've enjoyed. What makes HTTPS more secure is that it

00:00:49.280 --> 00:00:53.840
encrypts the links to whichever website you're using. What this does is keep any information

00:00:53.840 --> 00:00:59.120
that you send to the website, or that the site sends to you, from being read or seen by anyone

00:00:59.120 --> 00:01:04.080
intercepting it. This is especially important if you're using public Wi-Fi as these networks are

00:01:04.080 --> 00:01:09.680
often unsecured, meaning any unencrypted traffic can be read by an attacker connected to the same

00:01:09.680 --> 00:01:14.320
network. All they need is a freely available program called a packet sniffer. And even if you're not

00:01:14.320 --> 00:01:19.920
doing anything sensitive, HTTPS prevents the ability of third parties to modify your connection.

00:01:19.920 --> 00:01:25.600
For example, AT&T was caught several years ago injecting ads into users' browser sessions

00:01:25.600 --> 00:01:30.800
while they were connected to free AT&T hotspots at a major airport. I mean, I got time at an

00:01:30.800 --> 00:01:36.640
airport, but not that much time. Additionally, HTTPS enables security certificates. What these do

00:01:36.640 --> 00:01:42.320
is let you know that the website you're on matches the URL in the address bar, and that you're not

00:01:42.320 --> 00:01:47.600
on a potentially malicious site that's just spoofing the one you actually want to be on.

00:01:47.600 --> 00:01:52.880
Because of the obvious benefits of HTTPS, over 80% of websites now use it. But that's still

00:01:52.880 --> 00:01:57.600
a significant part of the web that doesn't. I mean, one in five? So why would Google be

00:01:57.600 --> 00:02:02.240
getting rid of an easy way to reassure you that the site you're looking at is using it?

00:02:02.240 --> 00:02:06.960
Although HTTPS is useful, it certainly isn't foolproof. I mean, how many cases have you heard

00:02:06.960 --> 00:02:11.520
of of identity theft or other personal information being stolen even though most websites use it?

00:02:11.520 --> 00:02:17.600
The thing is, any website can make use of HTTPS, including phishing sites or sites that

00:02:17.600 --> 00:02:21.680
will try to install malware on your PC. Remember that it only really prevents the

00:02:21.680 --> 00:02:26.720
interception of data and has no way of knowing if the site you're using has ill intent. But,

00:02:26.720 --> 00:02:31.520
unfortunately, it appears that that little padlock icon has lulled many a user into a

00:02:31.520 --> 00:02:37.520
false sense of security. According to Google, only 11% of users understand what the lock icon means,

00:02:37.520 --> 00:02:43.200
and it's a safe bet that many of that other 89% think that the lock means that a site is

00:02:43.200 --> 00:02:47.760
trustworthy, full stop. Google discovered this through research studies, in which a large number

00:02:47.760 --> 00:02:53.600
of users indicated that the lock icon meant that a hypothetical shopping site would be safe to use.

00:02:53.600 --> 00:02:59.280
But what if it wasn't safe to use? This confusion is precisely why Google says the lock icon needs

00:02:59.280 --> 00:03:05.200
to go. Instead, it's actually going to be replaced by something new, something they call a tune icon,

00:03:05.200 --> 00:03:10.560
circles and lines that represent setting sliders. Predictably, you'll be able to click on it,

00:03:10.560 --> 00:03:14.560
and it'll still give you information about the site's security certificate, as well as

00:03:14.560 --> 00:03:19.120
privacy and cookie settings, specifically for that site. Google believes that this will both

00:03:19.120 --> 00:03:23.920
encourage users to click and find out more about the site they're on, as well as stop them from

00:03:23.920 --> 00:03:28.400
automatically thinking the site is above board, lest you become the person that falls for the

00:03:28.400 --> 00:03:33.200
digital equivalent of one of those car warranty phone calls. It happens to the best of us.

00:03:33.200 --> 00:03:36.720
So thanks for watching, guys. If you liked this video, hit like, hit subscribe, and hit us up in

00:03:36.720 --> 00:03:40.480
the comments section with your ideas for topics that we should cover in the future.