Just one year after Chromium Security team from Google announced that they were going to begin marking HTTP sites as non-secure, the company is now going to implement it in Chrome.
The tech giant highlighted this proposal in 2014: since HTTP websites don’t provide data security to users, why wouldn’t the browsers warn them of this by displaying a red cross over a padlock next to the URL instead of not warning them at all?
Google called out Mozilla, Microsoft, and Apple to fix the situation slowly, so that eventually the unmarked sites will have HTTPS.
With HTTPS, the connection is encrypted and the website’s digital certificate is verified by third-party certificate authorities.
The newest markings in Chrome were designed to encourage a wider adoption of HTTPS.
Google have argued that a properly secured connection can cause issues for surveillance attacks on the internet. It began in 2014 by using HTTPS as a ranking signal that was positive and then adjusting their indexing system to be able to begin crawling for HTTPS equivalents of HTTP pages and then prioritizing them when they were available.
Although, it wasn’t until this week that they announced progress on their proposal. At the Usenix Enigma 2016 security conference Google offered a chance to see what The New York Times’ site would look like when Chrome implements the new feature.
It isn’t clear when Google will be introducing the new marking system by default in Chrome, although there have been some observers that have taken it as a sign that it will work.
Chromium issue tracker has even indicated that it’s going on with the feature. They have a goal of marking the same non-secure HTTP pages that use the same bad indicator as a broken HTTPS, since it is more accurate at marking pages as neutral and it simplifies the set of security indicators.
Google have begun preparing to start marking HTTP as bad, but they have also released new tools to help their developers build HTTPS sites.
Google then announced a new development tool for Chrome called Security Panel that will help developers to identify the common issues that prevent sites from getting a green padlock that represents a secured connection.
The tool will be able to check the digital certificate and state whether or not the site is using Secure Protocol, Key Exchange, and Cipher Suite.
It will also be able to point to the source that has mixed content issues like a non-secured image on a secured page, which will cause a gray padlock that has a yellow triangle.