Google Chrome Will Begin Labeling HTTP Sites as “Not Secure” Starting July 2018
When it comes to making the internet a safer place, Google is leading the charge. For years, it’s campaigned against unsecured HTTP sites that solicit sensitive information like payment details, and in 2015 began prioritizing websites that use HTTPS — an encrypted alternative to HTTP — in Google Search. And starting July 2018 with Google Chrome 68, Google will begin designating unencrypted websites “Not secure” with a label in the address bar.
Google began labeling HTTP pages with password or credit card form fields as “not secure” in January with Chrome 56, and recently brought the “not secure” label to Chrome’s Incognito mode. But in Chrome 68, it’ll show the “Not secure” tag by default on all unencrypted websites.
The idea is to keep users aware of where they are on the internet and whether it’s safe to submit sensitive information. “For the past several years, we’ve moved toward a more secure web by strongly advocating for HTTPS encryption, and helped users to understand that HTTP sites are not secure,” Google said in a blog post. “Developers transitioning their sites to HTTPS have made the web safer for everyone.”
Thanks to the efforts of developers who’ve transitioned their sites to HTTPS, over 68 percent of all Google Chrome traffic on Android and Windows is protected, Google says, and over 78 percent of all Chrome traffic on Chrome OS and Mac. What’s more, 81 of the top 100 sites on the internet use HTTPS.
It caps off a year of incredible progress. As of October 2017 in Japan, HTTPS traffic surged from 31 percent to 55 percent, according to Google, and in Brazil, it rose from 50 percent to 66 percent.
With the wealth of available documentation about HTTPS, there’s no reason developers shouldn’t adopt it, really. It’s cheaper and easier than ever before, thanks in part to efforts like Let’s Encrypt, a free and automated certificate authority, and Google’s SSL for Google App Engine. There are also tools like Lighthouse, the latest version of which identifies website resources which are ready to be upgraded to HTTPS, and Google-made guides to moving sites to HTTPS.
“Chrome’s new interface will help users understand that all HTTP sites are not secure, and continue to move the web towards a secure HTTPS web by default,” Google said. “Chrome is dedicated to building a better web that provides secure and safe experiences for our users.”