Would it surprise you to learn that the security of one-sixth—and possibly more—of the planet’s internet users is under the watchful eye of a quartet of women that call themselves the “security princesses”? Led by Parisa Tabriz, Google Chrome’s security team is a formidable force (and an anomaly) in the male-dominated tech workforce.
Tabriz’s team is out to improve the way internet users go about securing the sites they’re using—but since Google’s a pretty big deal, what Tabriz and company are really doing is setting industry standards. And it’s not another lofty promise made during a keynote speech in Silicon Valley. It’s fairly simple, really: Chrome’s security team wants to shame unencrypted sites.
At the top of most browsers, there’s a small lock logo to denote the security of the current site they’re perusing. This has become common in the visual vernacular of the web. The standard for security varies widely among those in the web industry. Google wants to be clear about their definition of “secure” by improving the way that information is conveyed visually. When the Tabriz’s team went back to the drawing board, they found they needed to define what was secure for Chrome.
That’s largely determined by one thing: the letter “S.” That S denotes the website is using HTTPS web protocol, which is basically the more secure and advanced younger brother of HTTP web protocol. These two acronyms might look familiar if you’ve taken a close look at the beginning of a URL, in which they appear (though many browsers hide them given their ubiquity). Basically, if a site doesn’t have the “S,” Chrome is letting you know about it. Despite the proclamation being made in January 2016, some sites have only just started to catch up to the standard. While that’s indicative of the convoluted nature of websites and the content they provide, more importantly, it means the task for Tabriz and her team is extremely difficult.
When Google made the announcement, there was an incredible amount of industry pushback, because it placed accountability on websites to secure all content on their page. Websites have control over a majority of the content, but some things, like ads or video players, are determined by the provider. It sparked a war, by encouraging websites to migrate to HTTPS, to more or less encrypt the entire internet. While the fight is far from over, the first battle was certainly won by the team protecting Chrome. In November, the team released a report saying more than half of the pages loaded on Chrome now use HTTPS.
To learn more about Google’s fight to secure the web and how the team reached this milestone, read an article from Wired here.
This article was featured in the InsideHook newsletter. Sign up now.