Google Chrome now alerts users when they visit unsecure sites, or rather, it's now listing all unencrypted sites as explicitly "not secure," beginning with the release of version 48.
The change applies to all HTTP sites, which will now be accompanied by a "Not Secure" image in the address bar. The update won't have any impact on HTTPS-enabled sites, of course.
Chrome Now Labels Unsecure Sites
The move was previously hinted at this past February as part of Google's multi-pronged push for increased encryption usage on the web. The search engine has been ranking HTTPS sites higher in results than their HTTP counterparts since 2014, which forced many to adopt Google's mandates.
Google has also been a key investor in research into the encryption standards underlying HTTPS. It was generous enough to donate server time for a demonstration of a SHA-1 collision last year.
Labeling HTTP sites as unsecure, according to Google, is a milestone for security on Chrome.
"Security has been one of Chrome's core principles since the beginning — we're constantly working to keep you safe as you browse the web," the company wrote in a blog post. "[Not Secure labels make] it easier to know whether your personal information is safe as it travels across the web, whether you're checking your bank account or buying concert tickets."
What Is HTTPS?
HTTPS, for the uninitiated, is a form of encryption on the web that's supposed to ensure that the connection between a user and a site can't be intercepted or tampered with by a third party. Such openings can be used by ill-intentioned actors to steal sensitive data. Sites that don't implement this security measure are almost always vulnerable to malware injection, which The Verge notes is a common tactic used by low-level cyber-criminals.
The majority of sites that don't have encryption are likely duping visitors deliberately as well, given that HTTPS certificates and protocols are widely available and typically don't cost a thing. CloudFlare, for starters, gives webmasters the necessary tools to encrypt their sites hassle-free, while public service projects such as Let's Encrypt offer similar functionality.
According to Google, its push for encryption has made significant progress in just two years. Not only has HTTPS usage increased in overall Chrome traffic on Android, but it has also ballooned 85 percent on ChromeOS. In addition, 83 percent of the top 100 sites now use HTTPS by default.
"So when you're shopping for concert tickets or online banking, rest assured: you'll be warned if a site is not protecting your data with HTTPS," said Google. "And we'll continue to improve Chrome's security, to make sure you're using the most secure browser out there."