You've probably heard that the Chrome browser helps make sure you don't accidentally visit websites that may be harmful. That's true, but like most things in Chrome, there's also more information available for every web page you visit when it comes to trust. It's actually right there in front of us all the time, right in the omnibar. Let's have a basic look at what Google does to make sure you're safe on the web when using Chrome.
Every website is given a trust rating by Google. There are based on what's called a "certificate" and the data collected by Google's Safe Browsing program. Google's Safe Browsing is an index of the web (yes, all of the web) that will warn you before you load a site that may be unsafe by pausing the loading of the page and warning you. You'll see some information that tells you what Google thinks is wrong and the option to continue to the page or to go back a step to the last page you visited.
We blocked the website address in this image to make sure nobody tries to visit it, but you would normally see it in the text. Any web page that Google's Safe Browsing engine suspects of having malware or collecting your user data will be flagged this way. Safe Browsing is built into Chrome, Firefox and Safari. Safe Browsing isn't something that was made to compete in any sales market. It's a service from Google's web security team that other companies can use and help make better so we're all safer on the internet.
Safe Browsing stops you from going directly to a web site that Google has flagged as harmful.
Chrome also has another safety check in place that uses a site's SSL certificate. A certificate is a small data file that is uploaded on a website's server that binds a cryptography key to that particular site. When a proper certificate is installed on a server, it activates the HTTPS protocol so secure connections between the web server and you are possible. This way, things like credit card transactions, personal details, and data transfers stay between you and the site you're visiting. A certificate also ties a site's domain name, hostname, company name, and location together.
Google has a list of companies that provide these SSL certificates who are trusted. Anyone can create an SSL certificate, and if you work for a company with a big intranet (web pages for internal use) or that uses their own VPN credentials you probably have a custom certificate from your IT department you need to mark as trusted in some applications. Those don't go into Google's master list but are treated the same way because you (or your IT department) explicitly said they were trustworthy.
Using the SSL certificate (or lack of) Chrome will give a website one of four ratings.
- Secure. This web page is using a valid SSL certificate and all the data going back and forth is only available to you and the server you're visiting.
- Info. This site isn't using a valid certificate, but there is no reason to suspect any hanky panky is going on. You can click the icon to get the details.
- Not Secure. There is something wrong with this site's privacy settings and someone else might be able to see the data you're sharing with it.
- Dangerous. Avoid this site because your private information is at risk. If you didn't disable Safe Browsing you'll get the warning page before you arrive at a site with this rating.
You find these icons in the omnibar (Chrome's version of an address bar) in your browser. You can click on any of them and you'll get all the details Google has about the site as well as links that might help explain what you're seeing.
SSL certificates are becoming more and more necessary and common. You'll find that most companies with a big online presence use them. But you also might need to make sure you're using the right URL to get there!
Android Central is an example. We have a recognized SSL certificate, and you'll be able to use it with Chrome if you visit https://www.androidcentral.com. You'll see the lock icon along with our company name in Chrome's omnibar and that means that everything you type or otherwise enter on one of our pages is encrypted so that only you and we can read it.
SSL certificates are a great way to make sure the data you send to any web page is encrypted and secure.
But we also need to be legacy compatible. We want someone with an old Android tablet or one they bought that doesn't have Google's software available to be able to visit using a browser that can't use certificates or might have difficulty rendering sites that have them. If you visit http://www.androidcentral.com (notice the use of http versus https) you'll see the info icon. You can click on that icon and it will tell you that your connection isn't secured.
Many sites are this way, so be sure to update all your bookmarks to use the https address!
Chrome isn't the only browser that helps make sure you're safe on the web. Microsoft, Mozilla, Apple and everyone else wants your experience to be the best it can be so you keep using their products. But Chrome gives plenty of details to help you know what's going on and we want to make sure you know how to find them.
Updated January 2018: This post was updated with the latest information.