I think this is a good move which should be applied to all browsers. But consider that when an imperialist power can intercept all the communications of a country they are invading or are organizing a coup in while the more legitimate government of this country can’t see anything, it can sometimes benefit the oppressors more than the people. We could think of this as Google having their interests aligned with ours in restricting those who can spy on us to a smaller set, and often it will be true. which means that encryption is irrelevant for them if they really want to know something. Google is less concerned about our security than they are about them being the only ones able to exploit commercially the data they have access to, and the government serving their interests and whose interests they serve having an advantage on others in worldwide mass surveillance on all internet data, because they have the main internet service endpoints under their jurisdictions, together with the main man-in-the-middle reverse proxies (Cloudflare monopoly), the main certificate authorities, the main operating systems, etc. Now You: What is your take on the change?īlocking non encrypted png or mp3 downloads has litttle to do with the security of the download itself, it’s just part of the Google campaign to aggressively enforce https use everywhere on the web. Google will delay the roll-out on Android and iOS versions of Chrome for one release which means that warnings for insecure executable file downloads are displayed in Chrome 83 on that systems and not in Chrome 82.Īdministrators may use the flag chrome://flags/#treat-unsafe-downloads-as-active-content to disallow downloads of unsafe files right away when Chrome 81 gets released (as well as in development versions of the web browser).Īll it takes is to enable the flag and restart the browser to do so.Įnterprise and education customers may override the blocking on a per-site basis by using the InsecureContentAllowedForUrls policy. In Chrome 85, these non-safe types are blocked as well, and warnings are displayed for media and text files.įinally, in Chrome 86, all insecure downloads are blocked in the browser. Then in Chrome 84, insecure executable downloads and archive downloads are blocked, and a warning is displayed for "all other non-safe types" such as pdf or docs. Starting in Chrome 83, the browser will block insecure executable downloads outright and display a warning if archives are downloaded via HTTP. In Chrome 82, a warning will be displayed if executable files are downloaded via HTTP but the blocking is not enforced at this point. First, the browser will only display warnings in the Developer console to get the attention of developers working on sites with insecure downloads. Google will introduce the change gradually starting in Chrome 81 on the desktop. To address these risks, we plan to eventually remove support for insecure downloads in Chrome. For instance, insecurely-downloaded programs can be swapped out for malware by attackers, and eavesdroppers can read users' insecurely-downloaded bank statements. Insecurely-downloaded files are a risk to users' security and privacy. by tampering with a mixed image of a stock chart to mislead investors" or injecting "a tracking cookie into a mixed resource load". Back then, Google declared that mixed content, another term for insecure content on secure websites, "threatens the privacy and security of users" as attackers could modify the insecure content, e.g. The change is the next step in Google's plan to block "all insecure subresources on secure pages" which it announced last year.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |