The last thing you want to do is broadcast your bank or other sensitive login credentials for any Nosy Nellie to see. That’s why a properly secured website asking for your confidential information uses encryption. Starting soon, Google’s Chrome browser will tattle on websites that fail to secure your passwords and credit card details.
A Google Chrome update to version 56 slated for Jan. 2017 will warn users against entering personal data such as passwords and credit card numbers on web sites that don’t follow the HTTPS protocol for data encryption. While Chrome cannot forbid users from accessing HTTP sites, the web browser can advise them against doing so by marking them to be non-secure. Encryption scrambles data so eavesdroppers can’t understand information being sent to or from your web browser. It also keeps people from modifying websites — for example, by inserting their own advertisements. And it makes life harder for police investigators and spies, which is why law enforcement and surveillance authorities have been trying to find ways around encryption.
Google wants encrypted websites to become the norm for privacy and security and it is pushing this agenda using it’s browser to the millions of users. “Chrome currently indicates HTTP connections with a neutral indicator,” wrote Emily Schechter, the Chrome Security product manager, in a blog post. “This doesn’t reflect the true lack of security for HTTP connections. When you load a website over HTTP, someone else on the network can look at or modify the site before it gets to you.”
What’s the difference between HTTPS and HTTP? It all boils down to encryption—or lack thereof. HTTPS—short for HyperText Transfer Protocol Secure—ensures that any data exchanged between a user’s browser and website is encrypted. This is imperative for preventing hackers from getting access to sensitive information. HTTP sites, on the other hand, do not offer encryption.
HTTP connections are currently indicated with a neutral indicator by Chrome. In truth, this has not reflected how HTTP connections were lacking in security. Someone on the network can look or modify the website before it gets to the user when they load a website over HTTP.
A lot of websites have transitioned to HTTPS so far and its usage is increasing due to its security. More than half of Chrome desktop page loads are now serving over HTTPS. Since their release of the HTTPS report in February, 12 more of the top 100 websites have transitioned to HTTPS.
According to the official website of Chromium, the original plan was to label sites more clearly and accurately as non-secure sites. The studies have also revealed that most users do not see the lack of secure icon as a warning. Occurring too frequently too are users that are blind to their warnings on non-secure sites.
Chrome will continue to extend HTTP warnings to their users in the following releases. Users will see HTTP pages with labels of not secure in Incognito mode. They will eventually label all HTTP pages as non-secure, and they will change the HTTP security indicator to the red triangle. Google will inform updates to their plan as they approach future releases. They advise other website owners to start moving to the HTTPS for better security.
The internet search giant revealed that HTTPS is the better alternative since it is easier and affordable. It also enables both the best performance the web offers and has powerful new features. This is the first step by Google into making people think of unencrypted websites as flawed and not ordinary but it possibly would not be the last.
Google isn’t alone in this regard. Apple is pushing for app developers to use HTTPS connections for mobile apps and will make it a requirement by the end of the year.