When you are browsing websites on Chrome, you may have noticed that there is usually a padlock icon towards the left on the URL box that shows whether a website is secure. That icon is important since it shows that the website is secure and this is important if you are going to be inputting sensitive information like bank account details or passwords.
HTTPS is the new protocol that is an extension of the http but unlike the latter, it has a new security layer that encrypts information, keeping communications and identity private. The standard is being adopted by websites all over but is still not mainstream.
This problem has been highlighted by Troy Hunt, the popular security authoritarian who runs the website haveibeenpwned that has a database of millions of leaked passwords an email addresses that you shouldn’t use.
His new service, Why No HTTPS highlights the most popular websites that are flagged as not secure by Chrome. There is a list of the most popular websites around the world that don’t have https that include the likes of Baidu(China’s Google), Daily Mail, 4 Chan and so on. Interesting enough, that top 100 list is dominated by China based websites.
Since there are also lists of the popular websites in countries that don’t have https, I was curious to see the one by Kenya and the results were rather grim.
In Kenya, top websites like ecitizen.go.ke, ntsa.go.ke, kra.go.ke and more don’t have https. eCitizen is the most worrying since that website handles a lot of data like ID numbers, emails, phone numbers and so on. These are the top 10 websites in Kenya that loaded insecurely according to whynohttps
However, KRA’s website might be insecure but their iTax website is secure, which is the same case with University of Nairobi where their main website is insecure but their student portal is secure.
This list is quite varied and it includes government departments, higher learning institutions, blogs, telcos and media stations.