There Are About to Be Far More ‘Non-Secure’ Sites on the Web
Expect to see more security warnings from the world’s most popular web browser in 2017.
Googlegoog Chrome, the search giant’s flagship browser, will begin labeling more websites as dangerous starting next year, according to plans previewed with Fortune. The change will affect certain unsecured webpages that feature entry fields for sensitive data, such as passwords and credit card numbers.
A note of caution will emblazon any webpages asking for sensitive data that are powered by HTTP—a standard data transmission protocol—rather than HTTPS—a newer and more secure specification favored by many cybersecurity experts. In the address bar, you’ll notice a new prefix: “Non secure.”
The move represents a step forward in the Web’s steady, inevitable march from HTTP (Hypertext Transfer Protocol) to HTTPS (Hypertext Transfer Protocol Secure). The latter version is sealed with protective encryption, preventing snoops and middle-men attackers from eavesdropping on, stealing, or manipulating data sent between an online service and a user, (thus keeping things like your bank account login details private, for instance).
Most websites that trade in confidential data, like banks and e-commerce outfits, have recognized the virtues of HTTPS, and began employing it long ago. Google, which prides itself on the security of its product, wants that mindset—and the quantity of Internet traffic protected with encryption—to spread.
“We will begin our plan to label HTTP sites more clearly and accurately as non-secure in gradual steps based on increasingly stringent criteria,” writes Emily Schechter of the Chrome security team in a blog post. “Eventually, we plan to label all HTTP pages as non-secure.”
For more on Chrome, watch Fortune’s video:
Google has already begun pushing for HTTPS in other ways. Recently, the company began boosting the rankings of websites that use HTTPS, using its search algorithm. Other companies, such as video streaming service Netflixnflx, have been rolling out the tech for some time.
The update is slated to be part of Chrome version 56, due out in January, Google said. In future updates, the company says it will begin to denote HTTP pages displayed in the browser’s more private “incognito” mode as “non secure,” too. Eventually, the Google team plans to deploy a more alarming red triangle “warning” icon for HTTP sites, it said.
For website owners everywhere, the development portends an inexorable trend: Google’s intentions are clear, and the days of HTTP are drawing to a close.