hankyoreh

seen using Google Chrome

Google is being criticized for labeling completely normal websites as being unsecure and unsafe simply because they have not adopted the “https” format. While this can be seen as an attempt to increase the level of security on the internet, critics point to major side effects of this arbitrary policy.

Anyone who used Google’s Chrome web browser to access Naver (www.naver.com) on Feb. 12 would have found an “ⓘ” on the left side of the search bar. Clicking on this button brings up a warning not to input passwords or credit card numbers into the website because they might be stolen by malicious parties. The same message appears when connecting to sites such as Daum, Samsung Electronics, the National Intelligence Service and AhnLab. “The majority of websites in South Korea will be labeled as being unsafe,” said a source at a South Korean Internet firm.

Since Chrome switched from the old “http” method of communicating between browsers and websites to the new “https” method, which is regarded as having stronger security, these warnings have been popping up when users connect to websites that have not adopted the new method.

“Google’s websites already adopted the new method four years ago, and now it has become a global trend. The objective is to improve Internet security, not to make things harder for domestic companies,” said a Google source. When Chrome is used to access websites operated by Google such as YouTube and Gmail, a padlock icon is displayed, indicating the websites are safe.

Since the new method encrypts the data exchanged between browsers and websites, it is true that it offers outstanding technical security. The URL begins with “https” (instead of the usual “http”). On the other hand, this requires encryption and decryption, which slow down the response time. Furthermore, it costs from tens of thousands to hundreds of thousands of won to purchase and implement certification (that is, technology) from the certifying body.

Google’s main page

As a result, there are many websites that keep the old method for their first page and only apply the new method for pages that request users’ private information. “We have no problems with security since we maintain the old method for our first page because of issues with speed and apply the new method for all pages starting with the log-in and search screens,” Naver said. But Google is creating confusing by not taking this into consideration. The reaction from Internet users has been one of discomfort and concern that their personal data might be leaked.

Website operators cannot protest openly because, technically speaking, there’s nothing wrong with Google‘s policy. But they do wonder whether it’s really necessary to switch to the new method despite the slower speed and the immense cost even for pages where there‘s no risk of personal information being leaked.

“Smaller companies and start-ups aren’t able to switch to the new method even if they want to because of the cost. Even for us it cost almost 100 million won (US$86,770). The problem is that Google isn’t taking such circumstances into account,” said a source at Naver.

But Google has made clear that a change of policy is not on the table. Furthermore, the number of Chrome users is rapidly increasing. As of the end of January, Chrome was the Internet browser of choice for 57.9% of users, more than triple Microsoft’s Internet Explorer, at 19.7%. In the end, website operators will likely have to give in.

“If users are warned one time that a site isn‘t safe, they’re reluctant to go back. Given these considerations, we‘re looking into the idea of expanding the new method to our entire website even though there are no problems with protecting personal information,” said a source for one Internet portal.

By Kim Jae-seob, staff reporter

Please direct questions or comments to [english@hani.co.kr]