Apple's Safari tests 'not secure' warning for unencrypted websites

For once, Apple is following Google in a privacy protection.

Stephen Shankland Former Principal Writer
Stephen Shankland worked at CNET from 1998 to 2024 and wrote about processors, digital photography, AI, quantum computing, computer science, materials science, supercomputers, drones, browsers, 3D printing, USB, and new computing technology in general. He has a soft spot in his heart for standards groups and I/O interfaces. His first big scoop was about radioactive cat poop.
Expertise Processors, semiconductors, web browsers, quantum computing, supercomputers, AI, 3D printing, drones, computer science, physics, programming, materials science, USB, UWB, Android, digital photography, science. Credentials
  • Shankland covered the tech industry for more than 25 years and was a science writer for five years before that. He has deep expertise in microprocessors, digital photography, computer hardware and software, internet standards, web technology, and more.
Stephen Shankland
2 min read
Safari Technology Preview

Apple's Safari team, following Chrome's lead, has begun warning people when they're visiting websites that aren't protected by HTTPS encryption.

The feature for now is only in Safari Technology Preview 70, a version of the web browser Apple uses to test technology it typically brings to the ordinary version of Safari. Apple released the update Wednesday.

Apple is trying hard to improve privacy right now, an effort that could dispel apathy about the issue and help Apple stand out from tech rivals. It's also meant Apple has butted heads with law enforcement officials and politicians who want to preserve something like the ability to tap phone lines.

But when it comes to pushing website operators to secure connections, it's been players like Google, Mozilla and Cloudflare that took the initiative. In July, Chrome began warning you if you visited a site that wasn't secure, part of a longer-term plan to get us to consider secure connections to be the norm on the web. Mozilla helped launch the Let's Encrypt project that means website operators now can get the necessary encryption certificates for free.

Securing connections between websites and web browsers scrambles data to block potential eavesdroppers like hackers, governments, internet service providers or airport Wi-Fi operators. When Tim Berners-Lee founded the web 29 years ago, he created technology called HTTP (Hypertext Transfer Protocol) to handle that communication, but use of the encrypted alternative, HTTPS, is spreading.

HTTPS also stops middlemen from tampering with web pages, for example internet service providers showing their own ads or government attackers inserting software that turns people's computers into part of an attack on an opposition website.

Apple declined to comment on its plans for bringing the warning to mainstream Safari. Apple's browser does warn you already if you have an insecure connection to a very sensitive website for typing in passwords or credit card numbers.

First published Nov. 14, 12:25 p.m. PT.
Update, 8:45 p.m. PT: Adds that Apple declined to comment.

CNET's Gift Guide: The best place to find the perfect gift for everyone on your list this season.

Security:  Stay up-to-date on the latest in breaches, hacks, fixes and all those cybersecurity issues that keep you up at night.