From January, Google’s Chrome browser will start telling its one billion users that pages on an unencrypted HTTP connection are not secure. “Chrome now indicates HTTP connections with a neutral indicator”, Chrome Security Team’s Emily Schechter writes.
Advertisement
“Chrome now indicates HTTP connections with a neutral indicator”, wrote Emily Schechter, the Chrome Security product manager, in a blog post. According to Schechter, someone on the network could modify the HTTP website before it reaches the user’s browser.
“Studies show that users do not perceive the lack of a “secure” icon as a warning and become blind to warnings that occur too frequently”.
In subsequent releases, for example, they’ll extend the warning to non-secure sites visited in Incognito mode with the eventual goal of labeling all HTTP pages as non-secure. Eventually, sites that continue to use HTTP will be labeled with a red triangle that Chrome now uses for HTTPS sites that are not functioning like they should.
Because of the risk of users ignoring the warnings, Google intends to roll them out slowly and carefully.
The changes seem meant to pressure site owners to switch to the more secure HTTPS, which encrypts data while in transit and helps prevent the site from being modified by a malicious user on the network.
In the last couple of years, the web has seen a tremendous rise in the number of websites that use encryption, which is displayed by that little green lock next to the site’s address and an extra “s” at the end of HTTP.
Advertisement
Currently, the Chrome browser marks HTTP websites as neutral. “A substantial portion of web traffic has transitioned to HTTPS so far, and HTTPS usage is consistently increasing”. Currently, more than half of Chrome desktop page loads are served over HTTPS, but the company wants to push that as close to 100 percent as possible. This way it will be able to warn users that they are entering risky zone in the Internet and potential attacks will be reduced to a great extent if the users receive this information in advance. “Let’s hope that that is about to change”. The whole idea of having Chrome 56 block an encrypted website is to keep the users safe. But, he added, “utilising transport encryption is an important control”.
