- Google Chrome starts marking all HTTP sites as ‘not secure’
- The change arrives with the Chrome 68 release
- It will be effective starting today (July 24)
Google, in an effort to move Internet users to a more secure Web, is taking another step with the launch of Chrome 68 for desktops on July 24. Starting the same day, Chrome users who visit unencrypted sites will be given warnings. With the latest version of Google Chrome, all HTTP sites will be marked as ‘not secure’. Google had already given developers over six months to move their sites to a secure connection. Back in February, Google had informed that Chrome 68 will start marking all HTTP sites as ‘not secure’ starting in July.
To recall, Google had started the trend of marking HTTP sites as ‘not secure’ with the Chrome 56 release that was debuted in January last year. However, the previous implementation was limited to webpages requiring certain private information from users, including credit card details. As mentioned, with Chrome 68, the omnibox on the top will now show the ‘not secure’ label for all HTTP pages, instead of the small ‘i’ icon for HTTP URLs. This label will not only highlight the unsecured nature of the HTTP pages but will also push webmasters to prefer HTTPS over HTTP.
From a user’s perspective, the main difference between HTTP and HTTPS is that all HTTPS traffic is encrypted by default, which means it’s more secure from snooping, especially on public networks. Google, in its Chrome Enterprise Release Notes for Chrome 68, said that unencrypted sites will now show ‘not secure’ indicator. It reads as, “For the past several years, we’ve advocated that sites adopt HTTPS encryption for greater security. Within the last year, we’ve also helped users by marking a larger subset of HTTP pages as “not secure”. Beginning in July 2018 with the release of Chrome 68, Chrome will mark all HTTP sites as ‘not secure’.” Chrome also offers a policy to control the warning on the domains. At the time of writing, Chrome 68 had not yet been rolled out to desktop users on the stable channel.
In terms of the number of sites that will be impacted by the change, Google had shared some numbers earlier this year. According to the company, 81 of the top 100 sites on the Web now use HTTPS by default. It added that more than 68 percent of Chrome traffic on both Android and Windows and over 78 percent of Chrome traffic on Chrome OS and macOS now flows over HTTPS.
Apart from leveraging Chrome’s dominant position in the browser market to encourage the switch to HTTPS, Google has been working on other fronts as well. Apart from using HTTPS as a ranking signal, the search giant started indexing HTTPS pages by default in December 2015.
In addition to Google, other companies like Apple have been promoting the use of HTTPS as well. The iPhone maker made it mandatory for iOS apps to use secure HTTPS connections in June 2016.