Google’s Chrome To Mark All HTTP Sites As Insecure Come July

Google is one of the many companies doing their bit to make the internet more secure. A significant milestone will occur in July 2018 for users of their Chrome browser when all HTTP websites will be marked as insecure with the release of Chrome 68 as they strongly advocate that sites adopt HTTPS encryption, according to a post on the Google Security Blog.

For the past several years there has been gradual change as Google chips away at improving web security. One of those was their strong advocacy that sites adopt HTTPS encryption. And within the last year, they’ve also helped users understand that HTTP sites are not secure by gradually marking a larger subset of HTTP pages as “not secure”. So beginning July 2018 with the release of Chrome 68, Chrome will mark all HTTP sites as “not secure”.

Developers have been transitioning their sites to HTTPS and making the web safer for everyone. Progress last year was incredible, and it’s continued since then:

  • Over 68% of Chrome traffic on both Android and Windows is now protected
  • Over 78% of Chrome traffic on both Chrome OS and Mac is now protected
  • 81 of the top 100 sites on the web use HTTPS by default.

Mozilla’s Firefox is also moving along similar lines. In January 2017 on their Security Blog, they noted “we would like to see all developers use HTTPS for their websites.” In January 2017 with the launch of Firefox 51, they began “to clearly highlight risk to the user … web pages which collect passwords but don’t use HTTPS will display a grey lock icon with a red strike-through in the address bar.”

“In upcoming releases (currently Mozilla has moved 7 versions to version 58 today), Firefox will show an in-context message when a user clicks into a username or password field on a page that doesn’t use HTTPS. That message will show the same grey lock icon with red strike-through, accompanied by a similar message, ‘This connection is not secure. Logins entered here could be compromised.’”

In the future, “to continue to promote the use of HTTPS and properly convey the risks to users, Firefox will eventually display the struck-through lock icon for all pages that don’t use HTTPS, to make clear that they are not secure. As our plans evolve, we will continue to post updates but our hope is that all developers are encouraged by these changes to take the necessary steps to protect users of the Web through HTTPS.”