Google details how it will overturn encryption signals in Chrome
Google has further fleshed out plans to upend the historical approach browsers have taken to warn users of insecure websites, spelling out more gradual steps the company will take with Chrome this year.
Starting in September, Google will stop marking plain-vanilla HTTP sites – those not secured with a digital certificate, and which don’t encrypt traffic between browser and site servers – as secure in Chrome’s address bar. The following month, Chrome will tag HTTP pages with a red “Not Secure” marker when users enter any kind of data.
Eventually, Google will have Chrome label every HTTP website as, in its words, “affirmatively non-secure.” By doing so, Chrome will have completed a 180-degree turn from browsers’ original signage – marking secure HTTPS sites, usually with a padlock icon of some shade, to indicate encryption and a digital certificate – to labeling only those pages that are insecure.