Google to Release New Version of Chrome: Marking Non-HTTPS Sites as ‘Not Secure’
Google will release a new version of its popular Chrome web browser July 2018. Chrome 68 will mark all HTTP sites as “not secure” and ultimately push webmasters to convert to HTTPS. Google started this trend of marking HTTP sites as “not secure” with the release of Chrome 56, but the implementation was limited to webpages requiring certain private information from users, like credit card details. With Chrome 68, the omnibox on the top will display a “not secure” label for all HTTP pages. For a user, the main difference between HTTP and HTTPS is that all HTTPS traffic is encrypted by default, which means it’s more secure and will keep people from snooping.
Privacy and security enthusiasts have encouraged the makers of web browsers for a long time to include indicators that help users understand if it’s safe to share their information on the website they’re visiting. Including the “not secure” tag should discourage Chrome users from giving their personal information to sites that don’t use proper encryption.
The process of marking all HTTP sites as “not sure” has been going on for a while. Google has gradually put alerts in place in efforts to protect its users. The company started these warnings back in 2016. The upcoming “not secure” tags on all HTTP sites will be its broadest effort so far to alert users of potential dangers online. Google says the change shouldn’t affect majority of the web. The company has tracked adoption of HTTPS encryption over time and has seen the protocol become customary in recent years. This is probably because of the threat of being marked “not secure” by a major browser like Google Chrome.
• Over 68 percent of Chrome traffic on both Android and Windows is now protected
• Over 78 percent of Chrome traffic on both Chrome OS and Mac is now protected
• 81 of the top 100 sites on the web use HTTPS by default
“Chrome’s new interface will help users understand that all HTTP sites are not secure and continue to move the web towards a secure HTTPS web by default,” Emily Schechter, security product manager for Google Chrome, wrote in a blog post. “HTTPS is easier and cheaper than ever before, and it unlocks both performance improvements and powerful new features that are too sensitive for HTTP.”
The Difference Between HTTP and HTTPS
The difference between HTTP and HTTPS is more than an additional letter. It’s the difference between information being secure and potential exposure to hackers. HTTP stands for hypertext transfer protocol and is the protocol that allows for communication between a user and a website’s servers, allowing users to view and interact with web pages. What’s missing from HTTP is encryption. The connection between the user and the server is unencrypted, meaning the information can potentially be gotten by an attacker intruding in the middle of the conversation between the user and the website.
HTTPS adds encryption to the equation. The “S” stands for “secure”, which means you can trust the connection between your computer and the server you are communicating with is encrypted and protected from anyone who may be trying to get a hold of your personal information. When a connection is encrypted, a secure tunnel is created between the user and the recipient that ensures they’re the only ones able to decipher the information. This should be essential protocol for any site that requires personal data like, passwords, logins, or payment information. In order to be considered secure, websites must obtain SSL (secure sockets layer) certificate, which is utilized to create the secure and encrypted connection.