Google Chrome will soon warn users that HTTP websites are unsafe by blatantly tagging them as “not secure,” a move that should further push the adoption of HTTPS encryption.
HTTPS is the secure version of HTTP, or Hyper Text Transfer Protocol. Google, one of the biggest champions of HTTPS, will continue to stand for it through an upcoming version of its Chrome browser.
Google Chrome 68 Will Tag HTTP Websites As ‘Not Secure’
In an official post on the Google Security Blog, Chrome Security Product Manager Emily Schechter noted that Google has started marking a bigger subset of HTTP websites as “not secure.” Google has been trying to keep users away from unencrypted websites for years, starting by pulling down the ranking of such websites in Google search results and placing similar warnings for unencrypted password fields.
However, starting with Chrome 68, Google will make the biggest move yet, as the “not secure” mark will expand to include all HTTP websites. Currently, in Chrome 64, HTTP websites are also marked, but some only show an “i” icon that expands into the non-secure warning only when clicked.
Google is targeting to roll out Chrome 68 by July this year.
According to the announcement by Schechter, the decision was based on the increased adoption of HTTPS encryption. More than 68 percent of Chrome traffic on Windows and Android and more than 78 percent of Chrome traffic on Chrome OS and macOS are on HTTPS websites. In addition, 81 out of the top 100 websites are now using HTTPS by default.
Google, however, is pushing for an even wider presence of HTTPS. Users may start to shy away more from HTTP websites if they are tagged as “not secure,” which should force their owners to reconsider the upgrade to HTTPS.
What Does HTTPS Encryption Do?
HTTPS encryption offers protection between the user’s browser and the website being visited, making sure that nobody can go in the middle to tamper with the traffic. Without that encryption, anybody with access to the user’s router or ISP will be able to intercept the information being sent to websites or inject malware into them.
HTTPS is not the only necessary solution for online security. However, among all available encryption options, it is relatively inexpensive to implement. The upgrade has also been made much easier by automated services that do the work for website owners. In fact, Google has its own tool for the purpose named Lighthouse, which was also featured in the Google Security Blog post by Schechter.