GOOGLE CHROME is to mark sites without encryption as ‘Not Secure’ starting with Chrome 68 in July.
This means anything without an HTTPS prefix. Up to now there have been more subtle hints, such as alerts when sending to an insecure email server, but this is a ‘call a spade, a spade’ move.
Google already downgrades the page ranking of pages that don’t have security switched on and with 81 of the top 100 rated sites on the interweb now using HTTPS, there’s every chance you won’t see the message too often.
Google’s statement suggests that its primary function will be in educating the user: “Chrome’s new interface will help users understand that all HTTP sites are not secure, and continue to move the web towards a secure HTTPS web by default”.
HTTPs is already protecting 68 per cent of Chrome traffic on Android and Windows, as well as 78 per cent on Mac and Chrome OS.
The change is not unexpected. Limited support for flagging non-secure sites has been a part of the browser since Chrome 56, released 13 months ago, but was limited to pages that offered inputs for passwords and credit card information.
At that time developers were warned that the change would roll out to all at a later date.
What’s important to remember is how your site being marked as “Not Secure” will look to customers. Imagine if they’re about to pay for something and they spot “Not Secure” dangling in the URL bar?
Although Google’s primary motives for the change are inward-looking, as the world’s most popular browser, it will be keen to show that it’s looking after everyone’s best interests, not just from a machine safety perspective, but from a PR one. After all – this outreach does nothing to harm its own public perception.
Although Chrome 68 won’t be stable until July, it’ll be available in the Canary channel from April and the Beta channel from May.
Not everyone is pleased though. One dev commented on the announcement, warning: “If you are going to play god and annoy me when I visit http sites that had no need to be secure, then I will use another browser. Get a clue.”
Additionally, developers can use Google’s Lighthouse tool to check if any parts of their site (for example Flash adverts) are being served up without encryption because that will affect whether you are ranked as “not secure”. µ
Source : Inquirer