Google Chrome 68 begins the death knell for the insecure internet by marking HTTP sites as ‘Not secure.’
The tag will show up on the left side of the address bar for all sites using HTTP. Unlike HTTPS, sites running HTTP aren’t encrypted, meaning anyone could snoop on data traffic between your computer and the website you’re visiting.
We knew this was coming. Google was working towards this all along — it wants the web to be secure by default.
In May, Chrome announced it would kill that familiar green security tag that popped up in the address bar. The tag let you know you were browsing a site with a secure, encrypted HTTPS connection.
The plan was to switch things around. Instead of highlighting websites that were secure, the Chrome team thought encryption should be the default. While this project has been in motion since 2016, some of the biggest steps are happening now.
Chrome 68 will add a ‘Not secure’ tag to all HTTP sites. Chrome 69, due out in September, will reduce the green security tag on HTTPS sites to a small grey lock icon.
Furthermore, in Chrome 70 the ‘Not secure’ tag on HTTP sites will turn red.
Eventually, the team also plans to remove the grey lock icon from secure sites.
The idea is that the web should just be secure. Users should only be notified when the sites they go on isn’t secure — the rest of the time, they shouldn’t worry.
Chrome 68 begins rolling out to users today with that first crucial step.