We live in a world of seamless communication, and internet connections are even better with HTTPS. HTTPS and SSL certificates are the need of the hour for the safety of servers and of all browsers. In January 2017, Google announced an update under which Chrome labels websites without HTTPS as ‘not secure’. This update caused havoc in the online world, and many website owners started moving to the secure HTTPS version. Nevertheless, the update was important, because it secures the confidential and private information that people enter on a website or web page.
Quick Brief On What Is HTTPS?
To start with HTTP: it stands for Hypertext Transfer Protocol, a dedicated structure for getting information on the web. It is an application layer protocol. What does it do? It transmits information to the web user, whichever channel it takes to do so. HTTPS stands for Hypertext Transfer Protocol Secure; it is a strong protocol that allows secure transactions between two ends and provides a secure environment over the web. Data like credit cards and passwords require high-level security, and HTTPS is the best answer to that.
The crux is that HTTPS is mandatory for secure online communication. Non-secure websites will not be able to get Geolocation data from the browser.
Chrome 50 already deprecated getting Geolocation from non-secure URLs/pages using the HTML5 Geolocation API. This simply means that Geolocation API calls must be made from pages served over a secure connection.
Let’s look at this in more detail.
Unless Your Website Is HTTPS, Firefox 55 Will Not Send The Location To Sites
In August 2017, Mozilla is set to release Firefox 55. One notable change expected in this update is that insecure websites won’t be able to get your Geolocation data. Why?
Because this information will only be sent to secure websites and over encrypted WebSocket (wss://) connections; requests from local resources, including localhost, will also be served. This requirement takes another crucial step: it acts as a push mechanism for sites to adopt more secure protocols.
Take a look at some data. According to Mozilla’s Telemetry data, studied and analyzed five months ago, requiring secure Geolocation requests will affect around 0.188% of page loads in the browser. The data also suggested that 57% of getCurrentPosition() requests and 2.48% of watchPosition() requests are being served on non-secure connections. The figure is still high and is expected to go down as more and more sites migrate to HTTPS in the near future.
These figures and percentages are not that alarming, yet they can’t be ignored. A good thing coming out of this awareness and this kind of study is that more and more websites are turning to HTTPS.
Another insight worth knowing is that when you work on Firefox Nightly with the Firefox 55 version, you might come across Geolocation requests for non-secure websites. This is a hidden feature, but by setting a preference to false you can test it now. Let’s see how:
- First, type about:config in the address bar of your browser and press the Enter key.
- Then confirm by accepting that you will be cautious about what you are doing.
- Now search for geo.security.allowinsecure and double-click it to toggle the preference.
- Finally, once the preference is set to false, any Geolocation request from a non-secure site will fail.
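The rule described above can be applied by a site before it ever calls getCurrentPosition(). The following is an added example, not code from Mozilla, Google or the original article; the function names and the sample URLs are illustrative assumptions. It checks which pages of a site will lose location data and guards the API call so that a refused request is handled instead of silently failing:

```javascript
// Added example; function names and sample URLs are illustrative, not from the article.
const LOCAL_HOSTS = new Set(["localhost", "127.0.0.1"]);

// Rule from the article: location goes only to HTTPS pages, encrypted
// WebSocket (wss://) connections and local resources such as localhost.
function originAllowsGeolocation(pageUrl) {
  let u;
  try {
    u = new URL(pageUrl);
  } catch (e) {
    return false; // unparsable URL: treat as non-secure
  }
  if (u.protocol === "https:" || u.protocol === "wss:") return true;
  return LOCAL_HOSTS.has(u.hostname); // exact match, so localhost.example.com fails
}

// Audit helper: return the pages that will stop receiving location data.
function pagesLosingGeolocation(urls) {
  return urls.filter((url) => !originAllowsGeolocation(url));
}

// Guarded call: never invoke the API from a non-secure page, and always
// pass an error callback so a refused request degrades gracefully.
function requestLocation(nav, pageUrl, onOk, onFail) {
  if (!nav || !nav.geolocation) return onFail("geolocation unavailable");
  if (!originAllowsGeolocation(pageUrl)) return onFail("non-secure origin");
  nav.geolocation.getCurrentPosition(
    (pos) => onOk({ lat: pos.coords.latitude, lon: pos.coords.longitude }),
    (err) => onFail("request failed, code " + err.code),
    { timeout: 10000 }
  );
}

// Constructed sample inventory of pages that call the Geolocation API.
const SAMPLE_PAGES = [
  "https://shop.example.com/stores",
  "http://shop.example.com/stores",
  "http://localhost:8080/dev",
  "http://localhost.example.com/map",
];
```

In a browser, the guarded call would be made as requestLocation(navigator, location.href, onOk, onFail), with onFail showing a manual location entry field or similar fallback.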
Take A Further Leap In Understanding – Geolocation API Removed From Unsecured Origins In Chrome
Google’s Chrome is one of the strongest browsers in terms of functionality and technical capability, and it adheres to strict guidelines and a set of security protocols. Following these guidelines, Chrome has publicly restricted some powerful features, such as Geolocation, on non-secure sites, and by doing this Chrome hopes that other browsers will do the same.
As of Chrome 50, Chrome no longer supports getting Geolocation for insecure websites that use the HTML5 Geolocation API. With this step, Chrome clearly indicates that it will support only HTTPS-secured websites for obtaining Geolocation. Because this is a crucial issue, Chrome will not support any non-secure website for getting Geolocation data, and the change promises better security and safer browsing in the future.
This change is being made, and site owners are urged to turn to HTTPS for Geolocation, because location is sensitive data for any site. Requiring HTTPS is essential for protecting the privacy of your users’ location data, as privacy is a critical aspect of the online world. If the Geolocation API is served over non-secure pages, attackers can easily intercept the data and learn the details of the user’s location, which puts the user’s privacy at stake. An attacker can manipulate users’ data and use it for malicious activities. The degree and nature of the individual and business information accessible to possible hackers would allow targeted attacks, which may be difficult to stop, identify and manage.
Now, Flash Is Only Being Loaded From HTTP/HTTPS URLs
This section of the article, probably the last, covers how Flash is loaded using HTTP/HTTPS.
Firefox 55 and the upcoming versions after it will stop loading Flash content from any URLs or sources other than HTTP and HTTPS. This is because of stringent security requirements: a different same-origin policy applies to the file protocol, and there are also some minor protocols that have not been properly tested against the security parameters. There is still a way to test local Flash files through hidden plugins, but to fully run them you may have to set up a local web server too.
As a final thought, it is fair to restrict Geolocation to secure connections, because it is all about location and user security on the web. Thus, to get the Geolocation of users on Firefox 55, the website should be secured with HTTPS. Be aware, be safe!