Chrome continues HTTP phase-out by removing 'secure' icon from HTTPS sites
Changes in 'secure' and 'non secure' icons comprise final steps in plan to make web secure-by-default
Google has announced it will stop marking HTTPS sites a "secure" in Chrome, as it wants the protocol to become a default standard for web browsing.
The search giant currently marks websites on the older and less secure protocol HTTP as "not secure" and uses a green "secure" label ahead of web addresses to denote when a website is using the encrypted protocol.
But from September 2018 users will no longer see sites marked as secure with the rollout of Chrome 69 as Google aims to make the web "secure by default"; HTTP sites will continue to be labeled as not secure with the rollout of Chrome 70 the following month.
According to Google, HTTP usage was previously far too high to brandish them in a strong red warning, but are now actively encouraging sites to make that transition to a far more secure outlay.
These next steps in the process comprise the final stage in Google's plan to move 'towards a more secure web', a plan that it outlined in 2016.
Writing at the time, Emily Schechter, product manager on Chrome's security team, said: "Chrome currently indicates HTTP connections with a neutral indicator. This doesn't reflect the true lack of security for HTTP connections.
"When you load a website over HTTP, someone else on the network can look at or modify the site before it gets to you.
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
"A substantial portion of web traffic has transitioned to HTTPS so far, and HTTPS usage is consistently increasing. We recently hit a milestone with more than half of Chrome desktop page loads now served over HTTPS."
Google says HTTPS is cheaper and easier to use, and has also provided a set-up guide for sites seeking to make the transition.
09/02/18 - Chrome pushes to phase out HTTP sites by labelling them as 'not secure'
Google has announced it will be labelling all HTTP sites as "not secure" with the release of Chrome 68.
The search giant has for some time been encouraging developers to switch their sites to the more secure HTTPS protocol. This stance will now be accelerated by the release of the new Chrome 68 in July.
Users navigating the web through Chrome 68 will find all HTTP sites are classified as not being secure. As users will most likely turn to sites that are HTTPS protected, web developers will also most likely upgrade their sites to counter the loss of web traffic.
Currently over 68% of Chrome traffic on Android and Windows is protected while over 78% is encrypted on Chrome OS and Mac.
In addition, 81% of the top 100 sites now use HTTPS and emboldened by that, Google's open-source Lighthouse tool now has an audit feature that allows developers to see which resources are being loaded as HTTP and which of those can be upgraded to a HTTPS.
"Chrome's new interface will help users understand that all HTTP sites are not secure, and continue to move the web towards a secure HTTPS web by default," Google said.
"HTTPS is easier and cheaper than ever before, and it unlocks both performance improvements and powerful new features that are too sensitive for HTTP."
Google's approach to HTTPS adoption is very much a 'carrot and stick' move, on one hand presenting HTTPS as an appealing and easy-to-use protocol and on the other penalising websites that drag their feet when it comes to moving to the more secure protocol.
Keumars Afifi-Sabet is a writer and editor that specialises in public sector, cyber security, and cloud computing. He first joined ITPro as a staff writer in April 2018 and eventually became its Features Editor. Although a regular contributor to other tech sites in the past, these days you will find Keumars on LiveScience, where he runs its Technology section.