Google Chrome Moves Toward Full HTTPS
A warning against all HTTP sites is apparently on the horizon.
Changes to Google Chrome will soon flag all unencrypted websites as insecure, Motherboard reports Wednesday.
At some point in the future, the Chrome browser will demarcate an unencrypted site with a red “X” placed over a padlock in the URL bar, with the intention of pushing all sites to serve with the secure communication protocol HTTPS.
HTTPS provides information protection, stopping outside hackers and snoopers from dipping into communication, and possibly coming away with your private messages, passwords, or other sensitive data — as well as deflecting fake versions of websites that could also allow for hacking, censorship, or the attachment of malware.
The push for complete encryption is not limited to Google’s interests, as browsers Firefox and Opera have also sought such a move — working with the nonprofit digital civil liberties watch group Electric Frontier Foundation (EFF) and the anonymous communication software Tor Project — on the HTTPS Everywhere campaign, intended to secure web browsing.
The EFF is also onboard with Encrypt All The Things — a separate movement that includes such supporters as Reddit, Twitter, and Dropbox — that believes “in the importance of protecting our networks, data, and users from unauthorized access and surveillance, and educating the public on the same.”
As of this writing, Chrome simply displays a white page icon to indicate a website is not HTTPS secured:
Chrome icon indicating a website is not HTTPS secured.
A locked green padlock to indicate it is:
Chrome icon indicating a website is HTTPS secured.
… and a red “x” over a padlock when there’s an issue with a page:
Chrome icon indicating a possible problem with a website.
The HTTPS push is actually not new for Chrome, as this plan was first announced in 2014. However, Google — at the Usenix Enigma security conference in San Francisco Tuesday — publically renewed its goal, and shared the model on Twitter:
… and furthermore, declared the danger lurking within HTTP browsing:
Google is yet to announce when the flagging will commence, but Motherboard states a “Google employee who asked to remain anonymous” tells them a declaration is coming “soon.” It is, nevertheless, available to turn on by typing “chrome://flags” in the Chrome browser, and then move to “mark non-secure as” and select “mark non-secure origins as non-secure.” (You will come across a warning if you do choose to try this that explains “These experimental features may change, break, or disappear at any time” and advises users to “proceed with caution.”)
