Starting today, Google Chrome will mark all websites that use unencrypted HTTP connections as unsafe. The measure is expected to affect the majority of the 1 million most popular websites on the internet, according to internet security company CloudFlare.
According to a report from CloudFlare, 542,000 of the 1 million most popular websites currently don’t redirect users to encrypted HTTPS versions of their sites. This means that Chrome users will see ‘not secure’ in the address bar when they visit these websites.
Of the top 100 websites, only 12 don’t offer an HTTPS version. Eight of these are Chinese websites, such as Baidu and qq.com, both of which are in the top 10 most visited websites on the internet, according to security researcher Troy Hunt.
By showing ‘not secure’ in the address bar of websites that don’t use encrypted HTTPS connections, Google hopes more websites will switch from HTTP to HTTPS. Traffic on HTTP connections is not encrypted and can therefore be intercepted and modified. HTTPS connections encrypt the traffic between the user and the website and help to confirm the owner of the website by using certificates.
Google has been planning to warn users about HTTP sites for some time. As early as 2014, the search giant announced its plan to mark HTTP websites as not secure. Previously, Google’s browser started showing warnings on HTTP sites where users could enter credit card data, passwords and other sensitive data. HTTP sites in Incognito mode were also marked as insecure.
For website owners, it has become cheaper and easier than ever to offer HTTPS. The certificate authority Let’s Encrypt offers free certificates and an easy way to install them. After the launch of Let’s Encrypt, the number of HTTPS sites increased drastically.
Most traffic in Chrome goes over HTTPS, according to Google. Therefore, version 68 of the browser will start to warn users when they browse unencrypted HTTP sites.