Google's Chrome browser to label all sites with text input areas as "Not Secure" starting in October
In a bid to promote a safer internet, Google has been progressive in marking HTTP and FTP sites as "Not Secure" in its Chrome browser. This move is aimed at encouraging website owners to adopt HTTPS, a more secure version of the traditional HTTP protocol.
HTTPS stands for Hypertext Transfer Protocol Secure, and it uses TLS (Transport Layer Security) certificates to encrypt data, thereby improving security and privacy for users. The lack of HTTPS can potentially allow data to be intercepted or modified by attackers.
Starting from Chrome 63, released around October 2017, Google began warning users with a "Not secure" label in the URL bar when they visit HTTP pages that collect passwords or credit card information. This was further extended in Chrome 68, released in July 2018, to mark all HTTP websites as "Not secure," regardless of whether they collect sensitive data.
By Chrome 70, due to be released in October 2018, Google will further intensify these warnings by displaying a red "Not secure" label on HTTP pages, especially when users interact with them (e.g., entering data).
FTP (File Transfer Protocol), implemented in the 1970s, is unencrypted and vulnerable, making it prone to hacking, malware, and phishing. Google has announced that it will also mark FTP sites as "Not Secure" starting from Chrome 63, to be released in December 2017. To prevent this marking, a security certificate and migration to HTTPS is required.
Google's policy of pushing for a more secure web is evident in these changes. Sites without valid TLS/SSL certificates serving content over HTTP are marked "Not secure." Sites with HTTPS but invalid certificates may also trigger security warnings.
These changes reflect Google's commitment to a safer web, making the lack of HTTPS more visible to users. No other major exceptions or complex cases are mentioned specifically for these Chrome versions. It is also relevant to note that starting from Chrome 56, warnings on insecure HTTP pages collecting passwords and credit cards began, building up to the stricter policies in 68 and 70.
Notable websites that use EV SSL (Extended Validation Secure Sockets Layer), a high level of security protocol, include Facebook, Messenger, Twitter, Pinterest, LinkedIn, Whatsapp, and various email services. This shift towards a more secure web is a positive step towards protecting user data and maintaining privacy online.
[1] Source: Google Chrome Developers Document
Technology plays a crucial role in Google's mission to ensure a safer internet, as highlighted by its persistent efforts to mark HTTP and FTP sites as "Not Secure". This initiative aims to encourage website owners to adopt HTTPS, a secure version of the traditional HTTP protocol that uses TLS certificates to encrypt data.
