Google Chrome to Label Sensitive HTTP Pages as "Not Secure"
Although over three months remaining, Google has planned a New Year gift for the Internet users, who're concerned about their privacy and security.
Starting in January of 2017, the world's most popular web browser Chrome will begin labeling HTTP sites that transmit passwords or ask for credit card details as "Not Secure" — the first step in Google's plan to discourage the use of sites that don't use encryption.
The change will take effect with the release of Chrome 56 in January 2017 and affect certain unsecured web pages that feature entry fields for sensitive data, like passwords and payment card numbers, according to a post today on the Google Security Blog.
Unencrypted HTTP has been considered dangerous particularly for login pages and payment forms, as it could allow a man-in-the-middle attacker to intercept passwords, login session, cookies and credit card data as they travel across the network.
In the following release, Chrome will flag HTTP pages as "Not secure" with a neutral indicator in the address bar of incognito mode, where users may have higher expectations of privacy.
Then, in the future, Chrome will flag all HTTP sites as "Not secure" with the same red triangle indicator the browser currently uses to indicate a broken HTTPS website.
"Chrome currently indicates HTTP connections with a neutral indicator," Emily Schechter wrote in a blog post. "This doesn't reflect the true lack of security for HTTP connections. When you load a website over HTTP, someone else on the network can look at or modify the site before it gets to you."
This isn't the first time when Google is taking steps to encourage site owners to switch to HTTPS. Two years back, Google also made some changes to its search engine algorithm in an effort to give a ranking boost to the websites that use encrypted HTTPS connections.
Last month, Google also implemented HTTP Strict Transport Security (HSTS) on its main domain (google.com) in an effort to prevent users from navigating to websites using the insecure HTTP.
Google reported that today, more than half of the websites visited by Chrome users are already encrypted.
Not only Google, but Mozilla has also been encouraging users to adopt HTTPS through its Let's Encrypt project that provides free SSL/TSL certificates for website owners to help them implement HTTPS for their services.