Ugly HTTP Extension Makes HTTP Pages Dreary.
We are always writing about the ways Google is making HTTPS better and discouraging people from sticking with HTTP. Its latest effort is marking HTTP pages that contain login/credit card forms as “Not Secure.”
But what if Google made its treatment of HTTP way more aggressive?
That’s exactly what Lucas Garron, a security engineer working on Chrome, thought to do. Garron is behind important SSL/TLS work such as Chrome’s HSTS preload list, and some of the browser’s security UX.
This week, Garron released an extension for Chrome with a new approach. Named “Ugly HTTP,” the extension desaturates the colors on any HTTP page, revealing the dreary reality of the unencrypted web. If you prefer to ugly-ify HTTP a different way, the extension supports other options such as hue inversion, sepia tone, and overexposure.
This is more silly than serious. It’s beyond unlikely that Chrome would adopt this as an official treatment of HTTP. Though, if they could figure out a way to target webmasters who keep pushing an HTTPS migration further down their calendar we would support it.
This isn’t the first time a developer has thought of making the threat of HTTP much more apparent and annoying. April King, who works on Firefox, wrote her own extension with very similar behavior to Ugly HTTP for Firefox. Eric Lawrence, another Chrome engineer, developed an extension that highlights HTTP links in red and inverts images loaded over HTTP.
It looks like security engineers share the same hobbies!
If you want to make HTTP ugly in your browser, you can download Garron’s extension from the Chrome web store. Since the extension requires the ability to read and change all data on all sites you visit, it may comfort you to know it is open source and available on Github.