From July on, Chrome will brand plain old HTTP as “Not secure”

Enlarge (credit: Indigo girl)

As more and more websites offer access over encrypted HTTPS, Chrome will soon brand any site served up over plain, unencrypted HTTP as “Not secure.” Chrome 68, due for release in July, will start sticking the “Not secure” label in the address bar, as a counterpart to the “Secure” label and padlock icon that HTTPS sites get.

This is a continuation of a change made in January of last year where Chrome would brand HTTP sites with password forms as being “Not secure.”

Google says that 81 of the top 100 sites on the Web default to HTTPS and that 68 percent of Chrome traffic on Android and Windows uses HTTPS. As such, non-secure HTTP is becoming the exception, not the rule, justifying the explicit call-out. While HTTPS once required expensive certificates, projects such as Let’s Encrypt have made it easy to add HTTPS to just about any site at zero cost.

Read on Ars Technica | Comments