Starting in July 2018, Google will release a new version of its popular Chrome web browser that will mark web pages that lack HTTPS encryption as “not secure” in an effort to help protect users from sharing information with dangerous websites.

The change will first appear with the release of Chrome 68. When that version of the browser is released to the general public in the summer, it will include a “Not Secure” tag that will appear in the address bar next to the web address.

Privacy and security advocates have long encouraged the makers of web browsers to include indicators that help users understand if the website they are viewing is safe to share information with. The inclusion of the “not secure” tag should discourage Chrome users from giving personal information to sites that do not utilize proper encryption.

The process of marking HTTP sites as unsecure has been gradual and Google has slowly implemented alerts over the years to help protect users. The company started warning about sites with insufficient security back in 2016. The inclusion of a “not secure” tag on all HTTP sites will be its broadest effort yet to alert users to potential dangers online.

According to Google, the change shouldn’t change much for the majority of the web. The company has tracked adoption of HTTPS encryption over the years and has seen the protocol become commonplace in recent years—likely in part thanks to the threat of being marked “not secure” by a major browser like Google Chrome.

Google reported that 68 percent of Chrome traffic on Android and Windows devices is protected by HTTPS encryption. For Chrome OS and Mac users, the figure is even higher: 78 percent of traffic is encrypted. Eighty-one of the top 100 most visited sites on the web use HTTPS by default.

“Chrome’s new interface will help users understand that all HTTP sites are not secure, and continue to move the web towards a secure HTTPS web by default,” Emily Schechter, security product manager for Google Chrome, wrote in a blog post. “HTTPS is easier and cheaper than ever before, and it unlocks both performance improvements and powerful new features that are too sensitive for HTTP.”

The Difference Between HTTP And HTTPS

The difference between HTTP and HTTPS is much more than a single letter — it’s the difference between information being secure and potentially being exposed to hackers and others with malicious intentions.

HTTP stands for hypertext transfer protocol and is the protocol that allows for communication between a user and a website’s servers, allowing the user to view and interact with web pages.

What is absent from HTTP is encryption.

The connection between the user and the server is unencrypted, meaning the information can potentially be intercepted by an attacker sitting in the middle of the conversation between the user and website.

HTTPS adds encryption to the equation. The “S” stands for “secure,” meaning you can trust the connection between your computer and the server you are communicated with is encrypted and protected from anyone who may be trying to steal your information.

When a connection is encrypted, a secure tunnel is created between the user and the recipient that ensures they are the only ones able to decipher the information—an essential layer of protection for any site that requires personal data, passwords or login credentials or payment information.

To be considered secure, sites must obtain an SSL (secure sockets layer) certificate, which is used to create the secure and encrypted connection.

Google Chrome
Google removes apps from Chrome web browser. REUTERS/Stephen Lam
RELATED STORIES
Security Google Software Security