Google's policy to display sites not protected by HTTPS clearly as "unsafe" in the Chrome browser

BySam Stockton

From the browser "Chrome 68" planned to be released in July 2018, Google will make "UnsafeWe announced a policy to display it.

Google Online Security Blog: A secure web is here to stay
https://security.googleblog.com/2018/02/a-secure-web-is-here-to-stay.html

Chrome will show all HTTP sites as 'not secure' later this year
http://www.androidpolice.com/2018/02/08/chrome-will-show-http-sites-not-secure-later-year/

In the blog posted on February 8, 2018 in the United States time, Google displays a warning "Not Secure" at the beginning of the address bar if the site being accessed is connected via HTTP Announced that Chrome 68 will add changes to it. The image posted on the blog shows how the "Not Secure" character is displayed in addition to the already implemented "!" Icon.


This change is based on the fact that many of the communication on the web is already done by HTTPS connection. HTTPS connection that encrypts and communicates communication contents was often used for bank transactions and password authentication screens where high safety is regarded as important at first but as the security awareness rises gradually it gradually becomes a normal page Also expand usage. According to Google's survey, it seems that actual usage of HTTPS was as follows as of the end of 2017.

· 68% of traffic from Android terminal and Windows Chrome browser is protected by HTTPS
· 78% of traffic from Chrome OS and Mac's Chrome browser is protected with HTTPS
· 81 sites out of the top 100 sites on the web have HTTPS as the default

Since 2014, Google has been promoting the creation of a secure environment such as making all its services HTTPS. The Chrome 56 released in January 2017 implements a mechanism to notify the user that the connection is not protected by HTTPS with the "!" Icon.

GIGAZINE to display a warning that Google will be "unsafe" for HTTP connection sites in the future


When accessing a site which is made HTTPS in Chrome 64, the character of "Protected communication" is displayed at the top of the address bar together with the key icon as below, and the content sent to the site is displayed to others It is made to understand that it is in a state that it can not be read.


On the other hand, if the site is not compliant with HTTPS, a "!" Icon is displayed, and clicking that icon will display "gentle user information" as "Malicious user may be stolen".