Google Chrome to Label Sites Using HTTP as Insecure Starting in July

The clock is winding down for website owners to adopt HTTPS encryption.

Starting July, Google’s Chrome browser will start labeling any site and any web page still using HTTP as “not secure”.

The move is part of a long-standing effort by Google to get websites everywhere to use encryption to better protect Internet communications and transactions against snooping, man-in-the-middle and other attacks.

Hypertext Transfer Protocol Secure (HTTPS) is a variant of the standard web transfer protocol (HTTP) that adds a layer of security on the data in transit through a secure socket layer (SSL) or transport layer security (TLS) protocol connection.

 

Google Announced This More Than a Year Ago

Google first announced its plans for the transition in September 2016. At the time the company had noted that it would start labeling HTTP connections as non-secure in a phased manner in order to give site owners and operators enough time to make the change.

Starting January 2017, with Chrome release 56 Google started labeling HTTP pages that collected sensitive information like credit card data and passwords as “not secure”. Over the rest of the year the company gradually began expanding those warnings to other types of HTTP pages as well.

For instance, subsequent releases of Chrome began labeling HTTP pages as “not secure” when users where in Incognito mode or entered any data into a web page.

Since then, a majority of websites has implemented HTTPS and the remaining is making progress towards that goal, said Chrome security product manager Emily Schechter, said in a blog Jan 8.

“For the past several years, we’ve moved toward a more secure web by strongly advocating that sites adopt HTTPS encryption,” Chrome security product manager Emily Schechter said in a blog post Jan 8.

Two-Thirds of Chrome Traffic Currently is HTTPS

As a result of those efforts, 68 percent of Chrome traffic on Windows and Android systems is currently protected with HTTPS, Schecter said.  Nearly 80 percent of Chrome traffic on the Chrome OS and Mac is similarly protected, and 81 of the 100 biggest websites currently use HTTPS, she noted. “Progress last year was incredible, and it’s continued since then,” Schechter said.

According to the product manager, Google has been trying to make it easier for organizations to implement HTTPS. Chrome for example now offers support for so-called mixed content audits to help site administrators more easily identify situations where a HTTPS enabled site might request an insecure HTTP.

The audit feature “helps developers find which resources a site loads using HTTP, and which of those are ready to be upgraded to HTTPS,” Schechter said.

Google itself has been moving over its numerous online properties to HTTPS since 2014. Currently, several of its major services including Gmail and Google Drive are 100 percent HTTPS enabled, while other services like YouTube and Google Calendar are at around 99 percent.

Volume of Encrypted Traffic Increasing Worldwide

Numbers maintained by the company show that volume of encrypted web traffic to Google is well over 90 percent in many regions of the world. For instance the percentage of traffic to Google that is encrypted in Indonesia, United Kingdom, Russia, Mexico, Japan, Brazil and Russia is all at or above 95 percent.

The U.S. and Canada are relative laggards—only about 87 percent of web traffic to Google in both these countries is encrypted.

Source: www.eweek.com