Google Chrome is now marking all HTTP sites as ‘not secure’

null

Google has made good on its two-year old promise of making the internet a safer place by naming and shaming unencrypted sites. While the search giant began to roll out ‘not secure’ warnings for HTTP sites with the release of Chrome 56, the latest version of the browser now has a marker for all unencrypted sites.

The warning appears in the URL bar: instead of the usual green padlock and the word ‘Secure’, you’ll see the words ‘Not secure’ if you land on an unencrypted page. Clicking on the label will display a warning advising users against entering any sensitive information into the page, like personal details and credit card info.

For the most part, the warning is meant for developers of the sites to adopt HTTPS protocols – which adds encryption between the user and the website they’re visiting – and is not a notification that a user has been hacked.

Tighter security

HTTPS sites are a lot more secure; they prevent malware attacks, keep third parties from pushing targeted ads and prevent cryptocurrency mining

Google has been urging developers to make the change for a couple of years now. With the release of Chrome 56 in 2016, all HTTP sites that needed a password or contained payment fields were marked with a ‘not secure’ warning, while Chrome 62 saw any HTTP site opened in an Incognito Window.

All these measures seem to have paid off; Google notes that most of the Chrome traffic has already adopted HTTPS protocols.

The HTTP warning on Chrome 68 | Image courtesy: Google

The HTTP warning on Chrome 68 | Image courtesy: Google

The fight continues

Google’s security measures don’t stop with Chrome 68. The next version of Chrome is set to launch in September this year and will see the green ‘secure’ label associated with encrypted sites appear as a less prominent black in the address bar.

While HTTP sites are currently marked ‘not secure’ in black, October’s Chrome 70 version will display the warning in red.

A future version will remove the ‘secure’ label from HTTPS sites completely, reinstating Google’s stance that security should be the norm.