Google is continuing its effort to increase uptake of HTTPS, and will soon make it much more obvious if you're visiting an insecure site.
Starting with Chrome 69 (due for release in September), sites using HTTPS will no longer receive a pat on the head in the form of a green padlock icon in the address bar. That's the very minimum that Google expects.
Things will get even stricter with the release of Chrome 70 (scheduled for October). Instead of a subtle grey notification in the address bar, non-HTTPS sites will be flagged up with a bright red warning triangle – the same one it currently uses if there's a problem with a site's security certificate.
"Users should expect that the web is safe by default, and they’ll be warned when there’s an issue," Google said in a blog post (opens in new tab).
Google's first stab at labelling non-encrypted sites came in the form of a discreet 'i' icon, which users could click to find out more. It wasn't terribly intuitive, and was easy to miss.
The browser began labelling non-HTTPS sites more clearly early last year, starting with pages that transmit passwords and credit card details. These warnings were designed to help Chrome users avoid 'man in the middle' attacks, where data is intercepted by a third party.
Google's ultimate goal is for all sites to use HTTPS encryption. "We hope these changes continue to pave the way for a web that’s easy to use safely, by default," it says.
- Check out our guide to the best web browsers
Via The Verge (opens in new tab)