Google on Tuesday announced a major new milestone for its Chrome browser. Going forward, the company will mark unencrypted HTTP sites as “Not Secure” in an attempt to better inform users and site owners of the perils that come with using unencrypted sites for sensitive data transfer. As it stands right now, the Chrome browser has a “Secure” marker that’s displayed before the HTTPS part of every web address to tell users that encryption protects the data they send and receive.
When you load a website over plain HTTP, your connection to the site is not encrypted. This means anyone on the network can look at any information going back and forth, or even modify the contents of the site before it gets to you. With HTTPS, your connection to the site is encrypted, so eavesdroppers are locked out, and information (like passwords or credit card info) will be private when sent to the site.
In September, that “Secure” label will go away, as HTTPS security will be considered the default. Then, in October, Google will display a “Not Secure” warning when you visit any HTTP site. Currently, that warning appears only on HTTP sites that collect passwords and credit card information, on HTTP pages where users enter other types of data, and on HTTP pages visited in incognito mode.
Here’s how the warning will show up in Chrome 70 this October:
Google says that HTTPS usage has made “incredible progress,” according to its own Transparency Report, in the two years since Google decided it would mark encrypted sites as secure. Some 76% of Chrome traffic on Android is protected, up from 42%, while 85% of Chrome traffic on Chrome OS is now protected, up from 67%. Furthermore, 83 of the top 100 sites on the web use HTTPS by default, up from 37%.