Google is planning to label unsafe websites in Chrome

In an article on its Security Blog, Google presents its plans to explicitly label unsafe HTTP sites in its Chrome browser. Version 56 has been planned for January 2017 and includes a redesign of the address bar. The URL of an unencrypted website will be preceded by a 'not secure' warning. The websites provisionally targeted will be those where credit card details and passwords are transmitted over an unencrypted protocol. So what are the long term consequences that the update is likely to have for website owners and users?

If Chrome 56 is rolled out at the beginning of next year as scheduled, web addresses where credit card information and passwords are transferred over the unencrypted Hypertext Transfer Protocol (HTTP), will be preceded with ‘not secure’. Until now, the search engine giant’s browser hasn’t always indicated which web projects transfer data without TLS/SSL certificates. The green lock symbol that appears when a site is encrypted isn’t always shown. Even when it was displayed, many users didn’t notice this indicator letting them know whether the website was safe or not. This was proven by a study carried out by Google and the University of California. In subsequent versions of Chrome, the warnings will be expanded further. A possible second step is to display the 'not secure' label in incognito mode as well, and to have all HTTP sites showing this symbol since users expect a high level of security. Google may also label all unencrypted sites in standard mode, according to statements made in blog posts. The URLs concerned will also receive the red warning triangle in the address bar which until now was only used for misconfigured HTTPS websites.

In 2014, Google announced that encrypting a site where data transmission via SSL or TLS takes place would count towards the ranking. Because of this, website owners should sort out a certificate for their own project. This is also combined with the fact that transitioning to HTTPS is becoming even cheaper and easier so now the number of encrypted sites has significantly increased over the last two years. The number of Google Chrome users is increasing too: currently, more than two thirds of global users access the web through Chrome, according to statistics from w3schools.

If users are using your browser to access a page, they’re doing more than just simply clicking on an article. The digital fingerprint is not the only way that online activities can be recorded by undetected cookies and tracking tools. It’s becoming more and more common for users to leave their information deliberately either in social network posts and forums, or when they subscribe to newsletters. In many cases, you need to enter your e-mail address and sometimes you’re asked for even more sensitive information.

This data (passwords, user data, addresses, or bank details) is generally transferred from the browser to the database of the respective website using the HTTP protocol. This protocol has been providing excellent service since the web began, but it can miss an encryption of transported information. This means that data packets, which are transferred through an HTTP connection and intercepted on their way between the browser and webserver, are in plain text. This makes it a lot easier for cybercriminals to get access to log-in data for your e-mail account, your online banking account, or your home address. By implementing a SSL/TLS certificate, website operators can be sure that all communicated data is transferred encrypted and is therefore protected from any third parties that wish to get their hands on it.

Since the majority of the internet community seems to have not yet recognized the importance of SSL/TLS certification for their web project, Google Chrome 56 explains it even better. This completely revised warning system is designed to increase the users’ awareness of the importance of encrypted data transmission and force previously inactive web operators to act. The proposed changes should make this project successful and then Chrome users will avoid sites that are marked as unsafe.

Google might additionally decide to make HTTPS even more valuable as a ranking factor. While Chrome users receive a new security feature, site owners will decide whether they require SSL/TLS or not. Ambitious web project operators shouldn’t wait until Chrome 56 comes out to make the switch to encrypted data transfer. This is where the motto 'the sooner, the better' applies.