Beginning in January, Google Chrome will start a transition toward eventually marking all HTTP sites as non-secure. Emily Schechter, part of the Chrome security team, made the announcement in a recent blog post.
Chrome currently marks HTTP connections with a neutral indicator, she said, but that doesn’t reflect the true lack of security for HTTP connections. “When you load a website over HTTP, someone else on the network can look at or modify the site before it gets to you.”
She says a “substantial portion” of web traffic has transitioned to the more secure HTTPS, and Google is committed to working with the top 100 non-Google sites to make the transition to HTTPS by the end of this year. Google says top-100 sites account for 25% of all worldwide website traffic.
Schechter notes that, because users don’t perceive the lack of a secure icon as a warning and users become “blind to warnings that occur too frequently,” Google is taking gradual steps toward more clearly and accurately labelling HTTP sites.
With Chrome 56 in January, Google will label HTTP sites that transmit passwords or credit cards as non-secure. In subsequent releases, it will expand that list to include HTTP pages viewed in Incognito mode, with the eventual goal of labeling all HTTP pages non-secure and displaying the red triangle that signifies broken HTTPS.
HTTPS stands for Hypertext Transfer Protocol Secure. It uses separate protocols named Secure Sockets Layer and Transport Layer Security. HTTPS benefits users with faster speeds, as websites supporting HTTPS have already been certified as secure and are merely tunneled to the user.
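To find which pages on a site the Chrome 56 labelling described above would affect, the following added example (not from Google or the original article) audits HTML for password and payment-card inputs served over HTTP. It assumes card fields are identified by `cc-*` autocomplete tokens, and it also reports HTTPS pages whose forms submit to an HTTP URL, which goes beyond the labelling the article describes; `audit_page`, the sample URLs and the HTML are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Assumption: payment-card inputs are marked with HTML autofill tokens.
CARD_TOKENS = {"cc-number", "cc-csc", "cc-exp", "cc-exp-month", "cc-exp-year", "cc-name"}

class SensitiveFieldFinder(HTMLParser):
    """Collects password/card inputs with the URL their form submits to."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.form_action = page_url  # no action attribute: form submits to the page
        self.findings = []           # list of (kind, resolved submit URL)

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "form":
            self.form_action = urljoin(self.page_url, a.get("action", ""))
        elif tag == "input":
            tokens = set(a.get("autocomplete", "").lower().split())
            if a.get("type", "").lower() == "password":
                self.findings.append(("password", self.form_action))
            elif tokens & CARD_TOKENS:
                self.findings.append(("card", self.form_action))

    def handle_endtag(self, tag):
        if tag == "form":
            self.form_action = self.page_url

def audit_page(page_url, html):
    """Return the reasons a page exposes sensitive input to the network."""
    finder = SensitiveFieldFinder(page_url)
    finder.feed(html)
    page_insecure = urlparse(page_url).scheme == "http"
    reasons = []
    for kind, target in finder.findings:
        if page_insecure:
            reasons.append(f"{kind} field on HTTP page")
        elif urlparse(target).scheme == "http":
            reasons.append(f"{kind} field on HTTPS page submits to HTTP ({target})")
    return reasons

if __name__ == "__main__":
    # Constructed sample pages, not real sites.
    samples = {
        "http://shop.example/login": '<form><input type="password" name="p"></form>',
        "https://shop.example/pay": '<form action="http://pay.example/charge">'
                                    '<input autocomplete="cc-number"></form>',
    }
    for url, html in samples.items():
        print(url, audit_page(url, html))
```

An empty list means the page has no password or card inputs exposed over HTTP; moving the page and its form target to HTTPS clears both kinds of finding.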