Google Will Flag UnEncrypted Websites As Insecure Soon
Google is a company that wants ever data to be travel over a secure channel to ensure that everything is safe from security aspects, and this could be the reason that in future your browser(Chrome) will flag unencrypted websites as insecure, displaying a red “x” over a padlock in the URL bar.
Google said that in future through browsers all data would be encrypted and all sites should be visited over HTTPS. HTTP is a top in a secure layer of HTTP web protocol.
Several companies and organizations have been pushing for more encrypted sites as part of a campaign to “Encrypt All The Things,” which consists of promoting more websites to abandon the traditional, less secure HTTP protocol and adopt HTTPS.
When you're accessing a website which is not secured then chrome displays white page icon, a green locked padlock when it is, as well as a padlock with a red “x” on it when there’s something wrong with the HTTPS page the user is trying to access and if the sites are insecure then it will draw more attention.
“The goal of this proposal is to display more clearly to users that HTTP provides no data security.”
This plan had already announced back in 2014 when one of the members of the Chrome Security Team sent out a proposal to mark all HTTP websites as “non-secure.”
“The goal of this proposal is to more clearly display to users that HTTP provides no data security,” Google’s Chris Palmer wrote.
On Tuesday, in San Francisco a presentation at the Usenix Enigma security conference was held in which an engineer at security firm CloudFlare showed difference between that how it showing today when the user enables the feature in Chrome's settings, and presumably how it might look like in the future if it's enabled by default.
Parisa Tabriz, who manages Google’s security engineering team, tweeted that Google’s intention is to “call out” HTTP for what it is: “UNSAFE.”
It would be anyone a hacker at a coffee shop or a repressive government, could steal your sensitive information including passwords, private messages, everything has to travel through a secure channel over HTTP the data exchanged between the site’s server and the user is in the clear, meaning anyone with the ability to snoop on the connection.
HTTPS ensures that the user is connecting to the right site it doesn't just protect user data. The reason behind to do it's important because the fake website is a favorite tactic of hackers and malicious actors that can easily grasp the users interest. HTTPS also protect the connection from the malicious third party.
Google’s intention is to “call out” HTTP for what it is: “UNSAFE.”Tech and Privacy experts applauded Google's plan.
”Chrome pushing forward on marking plain HTTP as outright insecure is an incredibly strong and pro-user move,” Eric Mill, a technologist who's been working on web encryption, told Motherboard. ”Despite how common plain HTTP can still be today, it *is* outright insecure, and a real and present danger to users and to the open web.”
Google haven't an official announcement that when it will make the HTTP flag the default on Chrome, but according to rumors told that there will be an announcement "soon" and the goal is to make it default.