Chrome to Label HTTP Sites as Insecure

Chrome to Label HTTP Sites as Insecure
According to new reports, Google is making a move in its HTTPS push by marking HTTP sites as non-secure in Chrome.

This week, Motherboard reported that an upcoming version of the Chrome browser will flag unencrypted websites as insecure, and flag the sites with a red "x" over a padlock in the URL bar. Currently, Google Chrome displays an icon of a white page for sites not secured with HTTPS, while sites secured with HTTPS feature a green locked padlock. The red "x" padlock is only used if there is something wrong with the HTTPS page, but this icon will be more common once the update rolls out. Chrome users can check out what the new marking system will look like by typing "chrome://flags/" in the URL bar, and enabling the special feature "Mark non-secure origins as non-secure."

This new feature is part of a plan Google outlined back in 2014. "We, the Chrome Security Team, propose that user agents (UAs) gradually change their UX to display non-secure origins as affirmatively non-secure. We intend to devise and begin deploying a transition plan for Chrome in 2015," wrote Google's Chris Palmer on the Chromium Security proposal. "The goal of this proposal is to more clearly display to users that HTTP provides no data security." On January 26, Palmer tweeted an example of the feature: "The future. More like this coming down the pike." Google's "Security Princess" Parisa Tabriz added, "HTTP, we're readying to call you out for what you are: UNSAFE!"

Photo: © iStock.