[quote]The war on insecure webpages has begun, and Mozilla fired the first shot.
Recently, Mozilla rolled out Firefox 51 to its mainstream user base. With the new release comes an insecure warning on any page that offers a login form over an HTTP connection instead of HTTPS. Chrome plans to follow suit with version 56, expected to be released to mainstream users on Tuesday, January 31, as Ars Technica first pointed out.
HTTP uses an open, unencrypted connection between you and the website you’re visiting that could be intercepted by anyone monitoring traffic between you and the site. For that reason, it’s never a good idea to share login or credit card information over an HTTP connection. Most major sites offer the encrypted version—HTTPS—but every now and then you’ll come across a site that doesn’t.[/quote]
Looks like webdesigners will now - if they haven’t already - have to seriously consider HTTPS
and this is from none other than PC WORLD last week check this out
[quote]In Firefox, users who’ve recently updated their browser will see a lock icon with a red strike through it next to an information icon in their URL address bar. These icons appear together when a user lands on a login page with an insecure HTTP connection. If you click on the icons you’ll see a plain-language explanation that the site is not secure, and a warning that any logins on the page could be compromised.
Chrome, meanwhile, will take a slightly different approach. Instead of a red strike through, Google’s browser will display an information icon along with the message “Not secure.”[/quote]
In essence any web site owners still using http are going to be progressively shamed by the increasing SECURITY WARNINGS
it looks to me like Dreamhost have already got HTTPS ready and waiting for us and from what I can see they are offering a good service, so far so good
but your entire site must contain links that never venture to your site’s old HTTP address
it strikes me that brand new web owners will have a distinct advantage here. they will never have had http links, they should just kick off with https from the get go