Jump to content

Google Chrome to tag all sites accessed through HTTP as “not secure”


straycat19

Recommended Posts

Google will take its efforts to shame website owners into encrypting their traffic up another notch this July with the release of Chrome 68.

At that point, Chrome will label all websites that use unencrypted HTTP connections as "Not secure" via a pop up on the left side of the web address bar, no matter the circumstance.

 

Google Chrome HTTP Not secure

The problem with HTTP is that any data the web page transmits can be potentially spied on, which could expose passwords or credit card information. As a result, Google has been pushing websites to embrace HTTPS encrypted connections.

Over the past two years, the company has been steadily adding "Not secure" alerts to the browser to flag web pages still on HTTP. However, the alerts have only been appearing under certain conditions, like if you start typing information into an HTTP page.

Google decided to gradually roll out the alerts to give website owners time to implement the encryption. But that grace period is coming to an end, the company said in a Thursday blog post. The good news is that more sites are steadily adopting the encryption; 81 of the top 100 sites on the internet now use HTTPS by default, the company said. In addition, 68 percent of Chrome browser traffic over Android and Windows is now encrypted, up 4 points from October.

Eventual Chrome Not Secure Warning

 

For now, the "Not secure" alert appears only in gray text with a white information icon next to it. But in the future, Google intends to make the alert red, with a warning triangle attached. Mozilla's Firefox has also been labeling HTTP pages with similar-looking alerts.

 

Article

Link to comment
Share on other sites


  • Replies 4
  • Views 1.2k
  • Created
  • Last Reply

For the past several years, we’ve moved toward a more secure web by strongly advocating that sites adopt HTTPS encryption. And within the last year, we’ve also helped users understand that HTTP sites are not secure by gradually marking a larger subset of HTTP pages as “not secure”. Beginning in July 2018 with the release of Chrome 68, Chrome will mark all HTTP sites as “not secure”.

Treatment%2Bof%2BHTTP%2BPages%25401x.png
 
In Chrome 68, the omnibox will display “Not secure” for all HTTP pages.
 

Developers have been transitioning their sites to HTTPS and making the web safer for everyone. Progress last year was incredible, and it’s continued since then:

 

  • Over 68% of Chrome traffic on both Android and Windows is now protected
  • Over 78% of Chrome traffic on both Chrome OS and Mac is now protected
  • 81 of the top 100 sites on the web use HTTPS by default

 

Chrome is dedicated to making it as easy as possible to set up HTTPS. Mixed content audits are now available to help developers migrate their sites to HTTPS in the latest Node CLI version of Lighthouse, an automated tool for improving web pages. The new audit in Lighthouse helps developers find which resources a site loads using HTTP, and which of those are ready to be upgraded to HTTPS simply by changing the subresource reference to the HTTPS version.

pasted%2Bimage%2B0%2B%25281%2529.png
Lighthouse is an automated developer tool for improving web pages.
 

Chrome’s new interface will help users understand that all HTTP sites are not secure, and continue to move the web towards a secure HTTPS web by default. HTTPS is easier and cheaper than ever before, and it unlocks both performance improvements and powerful new features that are too sensitive for HTTP. Developers, check out our set-up guides to get started.

 

Source

Link to comment
Share on other sites


Google the same company  that wouldn't take down a VLC clone from there  store  full of spyware when VLC asked   not tell it   it made the PC centric  News did they take it down because they make money from ads. A ad company  is going  to make the Internet  a better place,  when even there browsers and there forks   are even worse about  holding off  security patches than others .  they do like  Microsoft and wait tell a  month latter to give you updates. the same company who's safe search  is just another spyware like WOT  !

 

The same company who is always allowing  people to get infected  from there own store  and https sites, and to top it all off Google has censored  there search engine  so bad you're lucky you don't click on a malware site looking for relevant results,  it's became garbage  and if we put the world in Google's hands the rest of the Web will  be too.  What goes up must come down,  once  Google gets there own adblocker that allows only there ads,  that will be when the masses leave the browser,  so they can still see websites ,  because websites are going start blocking it for blocking  there ads. I don't care what Google does because I'm going  to  use  something else.

Link to comment
Share on other sites


I see what they might be trying to achieve here and it is theoraticaly good. But then, just because I see HTTPS in the title bar doesn't it mean the page is "secure" these days either.

Link to comment
Share on other sites


Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...