Google Chrome is doubling down on sites which use HTTP connections instead of the more secure HTTPS one. Version 56 of the browser will demarcate the former as non-secure starting from January 2017.
This is a major step-up from Google’s previous approach to HTTP sites. The new move is apparently meant to ensure that its users have a safe browsing experience. Pages which utilize the unsafe connection are more open to attacks. According to the company, hackers on the network can look at or mess with a site before it reaches you.
As such, Google thinks its current system doesn’t adequately communicate how risky HTTP truly is. So far, Chrome has labeled sites which load these connections with a neutral indicator. The new year will usher in a brand new system wherein it’ll stamp HTTP pages involving passwords or credit cards as ‘Not secure’ right in the address box.
Moving forward, Google plans to extend HTTP warnings when a person goes into Incognito mode as well since its a place where they might have higher expectations of privacy. The brand only plans to escalate matters from there, tagging all such pages as non-secure and switch from the present HTTP security indicator to the red triangle utilized for broken HTTPS.
Several sites have already made the leap to HTTPS. As per Google, more than half of Chrome desktop page loads come via the standard. 12 of the top 100 websites shifted from HTTP to HTTPS since its February HTTPS report, narrowly escaping the search giant’s wrath.