Part of Google Strategy
A controversy is breaking out as Google insists on applying HTTPS (Hypertext Transfer Protocol over Secure Socket Layer) with stronger security features to all web sites accessed through Chrome Web Browser, unilaterally displaying a security alert message on a web site that does not use HTTPS, calling the site unsafe. Korean Internet content companies such as Naver and Kakao are taking issue with it, saying that that policy can mislead people into understanding that HTTP web sites, not HTTPS web sites, are susceptible to security breaches.
"We cannot guarantee security without HTTPS," said Google's security expert, Parisa Tabriz, a security specialist at Google Korea in Gangnam-gu in Seoul on February 13. "Chrome will raise warning levels on all web pages that do not use HTTPS."
HTTPS encrypts information exchanged between a web server and a browser by enhancing its security than HTTP, which is a general web page communication method. Google has been showing an exclamation point icon denoting “not secure” in front of the address bar of a website that does not support HTTPS access from Chrome since last month. Korean portal sites, Naver and Daum are receiving the same warning because their opening screens do not have HTTPS.
"I cannot understand why Naver and Daum of Korea are not based on HTTPS," said Tabriz. "It is necessary to apply HTTPS because opening screens get the heaviest web traffic." Tabriz claimed that data that people search for without logging in such sites also risk hacking because data can be used to identify individuals if data is accumulated.
In response to Tabriz’s claim, Korean Internet companies such as Naver and Cacao expressed concerns that users might think that there is a problem with the overall security of an HTTP web site because of Google's one-sided warning. "We can apply HTTPS after users log in our web sites because we know the importance of HTTPS," said a representative of Naver. “There is no problem with protecting personal information when a user accesses our opening screen before a login. Unlike Microsoft Explorer, only Google displays warning messages on a web site opened with Chrome."
"It seems that Google provides customized information from its opening screen to keep Chrome users from leaving the web site while Naver and Daum do not provide customized services until users log in their web sites," said Kwon Hun-young, a professor at Korea University's Graduate School of Information Security. "Ultimately, this application of HTTPS is interpreted as Google’s measure to strengthen its services."
Meanwhile, Naver and Kakao that runs Daum said that they are considering applying HTTPS to their opening pages as well.