When you are browsing websites on Chrome, you may have noticed that there is usually a padlock icon towards the left on the URL box that shows whether a website is secure. That icon is important since it shows that the website is secure and this is important if you are going to be inputting sensitive information like bank account details or passwords.
HTTPS is the new protocol that is an extension of the http but unlike the latter, it has a new security layer that encrypts information, keeping communications and identity private. The standard is being adopted by websites all over but is still not mainstream.
This problem has been highlighted by Troy Hunt, the popular security authoritarian who runs the website haveibeenpwned that has a database of millions of leaked passwords an email addresses that you shouldn’t use.
His new service, Why No HTTPS highlights the most popular websites that are flagged as not secure by Chrome. There is a list of the most popular websites around the world that don’t have https that include the likes of Baidu(China’s Google), Daily Mail, 4 Chan and so on. Interesting enough, that top 100 list is dominated by China based websites.
Since there are also lists of the popular websites in countries that don’t have https, I was curious to see the one by Kenya and the results were rather grim.
In Kenya, top websites like ecitizen.go.ke, ntsa.go.ke, kra.go.ke and more don’t have https. eCitizen is the most worrying since that website handles a lot of data like ID numbers, emails, phone numbers and so on. These are the top 10 websites in Kenya that loaded insecurely according to whynohttps
- kra.go.ke
- ecitizen.go.ke
- uonbi.ac.ke
- helb.co.ke
- ntsa.go.ke
- mku.ac.ke
- jkuat.ac.ke
- kenyalaw.org
- strathmore.edu
- nairobiwire.com
However, KRA’s website might be insecure but their iTax website is secure, which is the same case with University of Nairobi where their main website is insecure but their student portal is secure.
This list is quite varied and it includes government departments, higher learning institutions, blogs, telcos and media stations.
This article is misleading to the public. a quick look at e citizen contains the “padlock” referred to in the article. See image
https://uploads.disquscdn.com/images/148f241d674b4399de7e851d0d93819349f4dde8937efd739b3c937c705bf5d9.jpg
I don’t know what you are on but you should totally change your dealer…
Lets engage in meaningful discussions Sir.
No. On a serious note, you actually made me switch browsers just to find out if I was seeing my own things. ecitizen.go.ke is not a secured website. Which browser are you using?
The sniped posted is from chrome…the argument is whether its http or https
It is always best to remove the log in your eye before criticising others, Your website is not secure. ‘Let’s Encrypt’ service is free.
Even techweez doesn’t use https lol
Ecitizen does use https for the important pages…most of the pages infact.However there are some which are not secured.The trend nowadays is whole site encryption like Jumia Kenya,gmail e.t.c not just login pages and such
Comments are closed.