Cross-posted on the EdTech Strategies blog: https://www.edtechstrategies.com.
Chrome is the most popular** browser, and later this month it will be making a change in the way it communicates the safety of websites to users. This is not unexpected: Google has been signaling its intent to do so for years. The change:
I’ve previously documented that state department of education and school district websites appear to be lagging other sectors in offering HTTPS (and other important secure browsing features) to their users. Well, in a few short days, as parents, students, teachers, and members of the media go to visit these same websites, their browser bars are likely to begin reporting that school websites are not secure.
That notice will generate important questions about the digital security practices in education – and rightfully so.
It won’t just affect school websites, though. As I (and others) have documented, many education companies will also be flagged (see, e.g., ‘Scholastic Makes Misleading Privacy, Security Claims in Services Directed to Children‘). It also will affect K-12 education trade publications and organizations not currently serving their websites only over HTTPS, such as:
- AASA (The School Superintendents Association)
- American Youth Policy Forum (AYPF)
- Association of Educational Service Agencies (AESA)
- Buck Institute for Education
- Council of Chief State School Officers (CCSSO)
- Digital Promise
- EdNET 2018
- Education Post
- Entangled Ventures
- Getting Smart
- Knowledge Alliance
- Mastery Transcript Consortium
- National Association of State Boards of Education (NASBE)
- National Council of Teachers of English (NCTE)
- National Education Association (NEA)
- National Rural Education Association (NREA)
- Partnership for 21st Century Learning
- Project Tomorrow
- State Educational Technology Directors Association (SETDA)
- Trusted Learning Environment
- Whiteboard Advisors
This list took all of 20 minutes to generate and includes some of the largest and most prominent voices shaping education policy and practice today. The systematic lack of attention to basic issues of digital security being demonstrated here is concerning.
Look: HTTPS is important. Implementing HTTPS – in many cases – is easy. Not implementing it by a deadline that has been years in coming is a mark of shame and deserves to be called out as such.
** I’ve never been one to follow the crowd and I do what I can to avoid the Chrome browser, primarily for reasons of privacy. Instead, I’d recommend Firefox, Brave, and Tor on the desktop. Note that YMMV depending on your needs and technical comfort.