Chrome takes tougher stance on unencrypted websites that transmit secure data


Google Chrome is taking encryption seriously to safeguard the secure exchange of data and personal information.

From January next year, Chrome will label websites that don’t use web encryption as ‘not secure’. This will first and foremost target those domains that transmit passwords and credit card information.

Although Chrome has not labelled HTTP connections as non-secure in the past, the latest move aims to tighten browser security and prevent unintended data leaks and unauthorised access to data.

“A substantial portion of web traffic has transitioned to HTTPS so far, and HTTPS usage is consistently increasing,” according to Emily Schechter of the Chrome Security Team.

“We recently hit a milestone with more than half of Chrome desktop page loads now served over HTTPS. In addition, since the time we released our HTTPS report in February, 12 more of the top 100 websites have changed their serving default from HTTP to HTTPS,” she writes in a Google blog post.

Currently, Google indicates connection security of a website with an icon in the address bar.

Studies show that users do not perceive the lack of a “secure” icon as a warning. “Our plan to label HTTP sites more clearly and accurately as non-secure will take place in gradual steps, based on increasingly stringent criteria,” shared Emily.

Beginning January 2017, Chrome will label unencrypted HTTP pages with password or credit card form fields as ‘not secure’, with later releases extending HTTP warnings in Incognito mode. Eventually, Google plans to label all HTTP pages as non-secure, and change the HTTP security indicator to the red triangle that is used for broken HTTPS.

Although information was transmitted in plain text in the early days of the Internet, the threat presented by cyber attacks and malware led to the adoption of SSL technology to transmit data.

Showing how seriously it took web security, Google said it will periodically assess the state of HTTPS support on the Alexa Top 100 sites, which account for 25% of all web traffic.

In March, Google announced that its regular Transparency Report would have a special section dedicated to encryption usage.

Google’s Transparency Report also includes a Certificate Transparency checker that will allow users to verify the validity of an SSL/TLS certificate.

Providing insight into its own use of HTTPS encryption, the search giant revealed that 100% of data is sent via HTTPS for Gmail, 83% of data is sent via HTTPS for Maps and 60% of data is sent via HTTPS for Google News.

Google is now considering HTTPS as a ranking signal. It has even started indexing secure pages over unsecured pages.

