Google Plans to Make Chrome’s Non-Secure Site Warnings More Prominent

Google Plans to Make Chrome’s Non-Secure Site Warnings More Prominent

Google Chrome has won the lion’s share of the browser market with about 57 percent usage, blowing away runner-up Safari at just 14 percent. This gives Google the power to encourage change on the web just by tweaking the way Chrome works. That’s what it did over the last few years by making it clear when a site was lacking an HTTPS secure connection. Now that most sites have moved to HTTPS, Google is looking to change the way those warnings appear to emphasize sites that are still lagging behind.

Using HTTPS encrypts the connection between you and a website, which prevents someone from intercepting your traffic or impersonating the site. In the past, the processing overhead for encrypting connections was substantial enough that only pages that took personal information would use it. Now, it’s a vanishingly small amount of power compared with all the other things a site has to do.

Google has been pushing the web toward HTTPS everywhere for years, but it stepped up efforts in 2017 with a prominent indicator when sites had secure connections. This is what’s changing. That “Secure” indicator in your address bar will become less explicit, and it’ll go away completely in time. Meanwhile, the browser will pitch a fit if you happen upon a site that doesn’t have HTTPS.

Starting in September of this year, Chrome 69 will shrink the security indicator from a green “Secure” label and lock icon to just a black icon. Later, Google plans to remove the lock icon as well. It wants HTTPS to be the default, not something about which the browser notifies us. Sites that are not secure will still have the warning in the address bar, but that’s going to become more obnoxious soon.

Google Plans to Make Chrome’s Non-Secure Site Warnings More Prominent

With the launch of Chrome 70 in October 2018, Google plans to make the non-secure warning more prominent. Previously, too many sites lacked HTTPS to do this, but now it’s time to name and shame. The browser will have a “Not secure” warning in the address bar when you are on an HTTP page. The warning will blink and turn red if you start to type on such a page to make extra-sure you know.

Google advises site administrators who haven’t implemented HTTPS to get on it. The versions of Chrome that make these changes will begin hitting the dev and beta channels very soon. Chrome dev just hit v68, so the next release will include new HTTPS behavior.

Continue reading

Google CEO Promises to Investigate Exit of Top AI Researcher
Google CEO Promises to Investigate Exit of Top AI Researcher

Google CEO Sundar Pichai has waded into the furor surrounding the termination of AI ethicist Dr. Timnit Gebru, but his memo may not help the situation much.

Google Pixel Slate Owners Report Failing Flash Storage
Google Pixel Slate Owners Report Failing Flash Storage

Google's product support forums are flooded with angry Pixel Slate owners who say their devices are running into frequent, crippling storage errors.

Nvidia, Google to Support Cloud Gaming on iPhone Via Web Apps
Nvidia, Google to Support Cloud Gaming on iPhone Via Web Apps

Both Nvidia and Google have announced iOS support for their respective cloud gaming platforms via progressive web applications. Apple can't block that.

Google Uncovers iPhone Exploit That Can Steal Data Over Wi-Fi
Google Uncovers iPhone Exploit That Can Steal Data Over Wi-Fi

According to Ian Beer of Google's Project Zero security team, the flaw allowed him to steal photos from any iPhone just by pointing a Wi-Fi antenna at it.