With HTTPS which realizes secure Internet communication by encrypting the contents of communication is being promoted globally. Mr. Troy Hunt, a security expert, points out that this situation has reached a tipping point where the trend of change rapidly grows.
Mr. Hunt first monitors the traffic of the Internet in October 2016 In Mozilla Telemetry , which shows that the page request sent via HTTPS exceeds 50% of the total, it shows the tide change.
The blue line of the graph shows the ratio of requests via HTTPS, which shows that the overall trend shows an upward trend of upward trend. However, although it is certain that this is one remarkable point, it is not always necessary to pay attention to that "half of all sites are receiving requests via HTTPS". That's why most of the traffic is for major class sites like Facebook, Twitter and Gmail. Nonetheless, it seems to be said that it is a tough fact that the trend to HTTPS is born.
Data that supports such a trend is also made public. Alexa , which analyzes traffic on the Internet, periodically investigates how much of the websites on the net redirects users' access from HTTP to HTTPS. As a result, as shown in the graph below, it is clear that the redirect ratio once in the 6% range has increased to 18.4% in February 2017. Here you can see that it is a situation of rising upwards more than the graph above.
In addition, security measures at the browser level are being promoted is also one of recent trends. Mr. Hunt is investigating the actual condition of various sites and proposing correspondence, and it explains by example of Qantas Airlines of the airline.
When Mr. Hunt attempted to log in to the frequent flyer program account on the Qantas Airlines site, the message "Not Secure" was displayed on the URL bar. Mr. Hunt says, "I clearly sell fight for Qantas!", But he points out that it is important to reveal the fact that sufficient security has not been provided on the account login page. Please note that this screen was accessed with Chrome 56.
Furthermore, Mr. Hunt who makes public the screen when accessing with Firefox 51. In the case of Firefox, a key mark with a red diagonal line is shown next to the URL and it is obvious that it is not secure. If such a state is exploited, the customary means of hacking man-in-the-middle attack (Man-in-the-Middle: MitM) There is a danger of being on the springboard.
In another case, Mr. Hunt is referring to the time when he connected to Wi-Fi provided at the hotel's accommodation. When I launched a browser and tried to access CNN's site, it took redirect processing.
The hotel Wi-Fi login page was displayed. In such a case, the cookie information sent to the site of CNN at the beginning will be redirected to another location, and privacy will be at risk. Meanwhile, the other site on the left of the CNN tab is in a state where HTTPS connection is in progress, the connection is stopped halfway and transmission of data including privacy information is stopped.
According to Mr. Hunt's research, it seems that many sites including New York Times, Ars Technica, The Next Web, etc. are completing HTTPS compliance. These sites are sites that announced completion of HTTPS compliance in January 2017.
Also, while there are voices saying "HTTPS is slow", in fact the speed itself is improving as well. Accessing the site "HTTP vs HTTPS" which can compare the difference in speed between HTTP connection and HTTPS connection makes it possible to check the difference between the two, but in some cases there are cases where HTTP connection is slower as follows about.
In this way, it seems to be said that promoting HTTPS compliance is becoming established as the tide of the whole web.