Chrome To Remove 'Secure' Label For HTTPS Websites
Google announced that its security indicators for HTTPS and HTTP pages will change starting this fall, in versions 69 and 70 of Chrome. HTTPS websites will not longer be shown as "Secure," while HTTP pages will be shown as "Not Secure" in red font, when users enter data.
Evolution Of Web Security Indicators
Over the past couple of years, both Chrome and Firefox have started encouraging web developers to adopt HTTPS encryption by giving them small incentives such as showing their websites’ address next to a padlock icon with a “Secure” label in green. This was supposed to make users trust these websites more, because the data exchange between the user and the server would be encrypted.
Since then, and due in no small part to the Let’s Encrypt project, which is backed by Mozilla, EFF, and others and has been offering free HTTPS certificates to everyone, many more websites have adopted encryption.
Now, Google believes that users should expect that the web is “safe by default.” Therefore, users shouldn’t need bright green labels and padlocks to know whether or not the website they visit is secure.
Chrome 69 To Lose The “Secure” Label
Starting with Chrome 69, which should land this September, Google’s browser will lose the green “Secure” wording, and its padlock will turn from green to grey. The company added that eventually Chrome will also use the padlock, too, and all you’ll see will be the web address without HTTP, HTTPS, or any other label or symbol next to it.
It’s possible Google also doesn’t want internet users to believe that a site is “secure” just because it's using HTTPS encryption. A site could use HTTPS encryption and then still lose all of your account data to hackers due to poor server security hygiene. HTTPS encryption only guarantees that your connection to the site is secure, but it says nothing about how secure your data is on a company’s server.
Chrome 70 To Add “Not Secure” Warning In Red
Chrome 56 started showing users a “Not Secure” warning in grey on login pages. Starting with Chrome 70, this fall, users will see a “Not Secure” warning in red when they enter data on HTTP pages. The HTTP pages will also be labeled “Not Secure” in grey at all times.
Stay On the Cutting Edge: Get the Tom's Hardware Newsletter
Get Tom's Hardware's best news and in-depth reviews, straight to your inbox.
Perhaps the most controversial change in Google’s announcement is Google’s statement that users should expect the web to be safe. Whether we’re talking about HTTPS, PGP, S/MIME, or other encryption and security protocols, it may not serve users to hide what protocols are being used to protect their data. At the end of the day, this is also an issue of transparency, and users deserve to know how their traffic and data are protected.
Google expects that when the “Secure” label and padlock are gone, users will continue to believe that the same sites are just as secure. However, this may not happen because users have been trained for decades to expect no security unless claimed otherwise.
-
derekullo "users should expect that the web is “safe by default.” "Reply
Just like the ocean is safe by default ... -
anbello262 20978351 said:This is absolutely ridiculous. Just another reason to use firefox.
(Disclaimer: I don't mean this as a personal attack, just using your comment as a general example)
I get the feeling this is too much outrage over a very simple detail. Just a minor change in colouring, and eventually it is supposed to go away anyways (since ALL sites are expected to use https eventually).
This will only have some real impact for web owners (even less traffic for http sites), not so much for users, in my opinion. -
faalin 20978668 said:20978351 said:This is absolutely ridiculous. Just another reason to use firefox.
(Disclaimer: I don't mean this as a personal attack, just using your comment as a general example)
I get the feeling this is too much outrage over a very simple detail. Just a minor change in colouring, and eventually it is supposed to go away anyways (since ALL sites are expected to use https eventually).
This will only have some real impact for web owners (even less traffic for http sites), not so much for users, in my opinion.
Is this like everyone was suppose to go to the chip paying stations 3 years ago, but my local post office still has a post-it note over the slot saying "Coming Soon"
-
TJ Hooker
Why? Instead of highlighting sites that are secure (HTTPS), it will instead be highlighting sites that aren't. Highlighting which sites are insecure rather than the ones that are secure seems like a reasonable move to me.20978351 said:This is absolutely ridiculous. Just another reason to use firefox.
That being said, +1 to the brave browser comment above. Although it's still in beta, really looking forward to the 1.0 release. -
antilycus Google Chrome became what IE was. Going away from standards and trying to put their spin on it. It's not as a bad as Edge but if you aren't able to see this, you aren't looking because you don't want to accept it.Reply -
drtweak i agree with this. Non encrypted sites will be more noticeable now. People don't look or don't care but if they see something like the color red next to the web address it might catch their eye more.Reply -
rremmy72 20978710 said:Brave browser or bust
Damn right! Screw Chrome and its dubious data collection policies and google censorship.