Chrome continues HTTP phase-out by removing 'secure' icon from HTTPS sites

Changes in 'secure' and 'non secure' icons comprise final steps in plan to make web secure-by-default

Google has announced it will stop marking HTTPS sites a "secure" in Chrome, as it wants the protocol to become a default standard for web browsing. 

The search giant currently marks websites on the older and less secure protocol HTTP as "not secure" and uses a green "secure" label ahead of web addresses to denote when a website is using the encrypted protocol. 

But from September 2018 users will no longer see sites marked as secure with the rollout of Chrome 69 as Google aims to make the web "secure by default"; HTTP sites will continue to be labeled as not secure with the rollout of Chrome 70 the following month.

According to Google, HTTP usage was previously far too high to brandish them in a strong red warning, but are now actively encouraging sites to make that transition to a far more secure outlay.

These next steps in the process comprise the final stage in Google's plan to move 'towards a more secure web', a plan that it outlined in 2016.

Advertisement
Advertisement - Article continues below

Writing at the time, Emily Schechter, product manager on Chrome's security team, said: "Chrome currently indicates HTTP connections with a neutral indicator. This doesn't reflect the true lack of security for HTTP connections.

"When you load a website over HTTP, someone else on the network can look at or modify the site before it gets to you.

"A substantial portion of web traffic has transitioned to HTTPS so far, and HTTPS usage is consistently increasing. We recently hit a milestone with more than half of Chrome desktop page loads now served over HTTPS."

Google says HTTPS is cheaper and easier to use, and has also provided a set-up guide for sites seeking to make the transition.

09/02/18 - Chrome pushes to phase out HTTP sites by labelling them as 'not secure' 

Google has announced it will be labelling all HTTP sites as "not secure" with the release of Chrome 68.

The search giant has for some time been encouraging developers to switch their sites to the more secure HTTPS protocol. This stance will now be accelerated by the release of the new Chrome 68 in July.

Users navigating the web through Chrome 68 will find all HTTP sites are classified as not being secure. As users will most likely turn to sites that are HTTPS protected, web developers will also most likely upgrade their sites to counter the loss of web traffic.

Currently over 68% of Chrome traffic on Android and Windows is protected while over 78% is encrypted on Chrome OS and Mac.

In addition, 81% of the top 100 sites now use HTTPS and emboldened by that, Google's open-source Lighthouse tool now has an audit feature that allows developers to see which resources are being loaded as HTTP and which of those can be upgraded to a HTTPS.

Advertisement
Advertisement - Article continues below

"Chrome's new interface will help users understand that all HTTP sites are not secure, and continue to move the web towards a secure HTTPS web by default," Google said. 

"HTTPS is easier and cheaper than ever before, and it unlocks both performance improvements and powerful new features that are too sensitive for HTTP." 

Google's approach to HTTPS adoption is very much a 'carrot and stick' move, on one hand presenting HTTPS as an appealing and easy-to-use protocol and on the other penalising websites that drag their feet when it comes to moving to the more secure protocol.  

Featured Resources

The IT Pro guide to Windows 10 migration

Everything you need to know for a successful transition

Download now

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Software-defined storage for dummies

Control storage costs, eliminate storage bottlenecks and solve storage management challenges

Download now

6 best practices for escaping ransomware

A complete guide to tackling ransomware attacks

Download now
Advertisement

Recommended

Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019
Visit/security/28014/how-to-enable-private-browsing
web browser

How to enable private browsing on any browser

25 Jun 2019
Visit/web-browsers/24796/which-is-the-best-browser-chrome-vs-firefox-vs-microsoft-edge
web browser

Google Chrome vs Firefox vs Microsoft Edge

30 Apr 2019

Most Popular

Visit/security/identity-and-access-management-iam/354289/44-million-microsoft-customers-found-using
identity and access management (IAM)

44 million Microsoft customers found using compromised passwords

6 Dec 2019
Visit/hardware/354237/five-signs-that-its-time-to-retire-it-kit
Sponsored

Five signs that it’s time to retire IT kit

29 Nov 2019
Visit/cloud/microsoft-azure/354230/microsoft-not-amazon-is-going-to-win-the-cloud-wars
Microsoft Azure

Microsoft, not Amazon, is going to win the cloud wars

30 Nov 2019
Visit/operating-systems/microsoft-windows/354297/this-exploit-could-give-users-free-windows-7-updates
Microsoft Windows

This exploit could give users free Windows 7 updates beyond 2020

9 Dec 2019