Google recently announced that from January 2017 onwards chrome browser will start warning users about websites using insecure HTTP connections to transmit passwords and credit card data as insecure, as part of a long-term plan to mark all HTTP sites as non-secure.
Eventually, Chrome will add the security warning to HTTP pages when a user visits them in the browser’s “Incognito” mode, and later the warning will roll out to all HTTP pages.
In January, Chrome users can start looking out for the security warning in the address bar of their browser. It’ll look like this at first:
Chrome currently indicates HTTP connections with a neutral indicator. This doesn’t reflect the true lack of security for HTTP connections. When you load a website over HTTP, someone else on the network can look at or modify the site before it gets to you.
The changes seem intended to pressure site owners to switch to a more secure HTTPS, which encrypts data while in transit and helps prevent the site from being modified by a malicious user on the network. “Don’t wait to get started moving to HTTPS. HTTPS is easier and cheaper than ever before, and enables both the best performance the web offers and powerful new features that are too sensitive for HTTP,” Chrome’s Emily Schechter wrote in a post announcing the changes.
Google, which runs Chrome, isn’t the only company leaning on websites to make their connections more secure. Apple said earlier this year that it would require app developers to force HTTPS connections for iOS apps by the end of 2016, and Facebook’s Instant Articles are served over HTTPS, automatically adding security for readers even if they wouldn’t get it on the publication’s own website. Pressure from some of the world’s biggest tech companies will undoubtedly push security forward for millions of people.