Google Will Shame Websites Without HTTPS Encryption Starting January 2017

Google Chrome will mark HTTP websites that transmit passwords or credit card details as insecure from January 2017 in a move to warn users away from non-secure sites.

The move will likely force websites with HTTP connections to adopt the more secure encrypted HTTPS web connections.

Currently, the Chrome browser marks HTTP websites as neutral. But Emily Schechter, a member of Google’s Chrome security team, noted the search company will treat those sites more harshly come the New Year.

“Historically, Chrome has not explicitly labelled HTTP connections as non-secure,” she said. “This doesn’t reflect the true lack of security for HTTP connections. When you load a website over HTTP, someone else on the network can look at or modify the site before it gets to you.”

HTTP shame

Adoption of HTTPS is under way; over half of Chrome desktop page loads are now served over HTTPS according to Schechter.

Google is keen to effectively shame websites still using HTTP as Schechter noted that studies show many Chrome users do not perceive that the lack of an icon showing a site is secure as a warning not to visit it, and that they have become blind to other warnings that occur to frequently.

“Our plan to label HTTP sites more clearly and accurately as non-secure will take place in gradual steps, based on increasingly stringent criteria. Starting January 2017, Chrome 56 will label HTTP pages with password or credit card form fields as “not secure,” given their particularly sensitive nature,” explained Schechter, noting Google will continue to extend the capabilities of HTTP warnings in following releases of Chrome.

HTTPS is also gathering traction with other web companies, such as WordPress which is rolling out free HTTPS encryption to all the custom domains it hosts. And the UK government has a policy that requires all of its online services to use HTTPS connections.

Are you a security pro? Try our quiz!

Roland Moore-Colyer

As News Editor of Silicon UK, Roland keeps a keen eye on the daily tech news coverage for the site, while also focusing on stories around cyber security, public sector IT, innovation, AI, and gadgets.

View Comments

Recent Posts

Samsung Touts AI Features With Galaxy S25 Smartphones

Launch of Samsung's Galaxy S25 Ultra, Galaxy S25+ and Galaxy S25 sees the handsets described…

1 hour ago

LinkedIn Sued Over Alleged Use Of Private Messages To Train AI

Microsoft's LinkedIn sued for allegedly using customer data, including private messages, to train AI models…

3 hours ago

Amazon To Shutter Sites In Unionised Province In Canada

1,700 jobs to be lost in Quebec, as Amazon says it will close seven sites…

18 hours ago

Google Wins UK Injunction To Halt Russian Enforcement Of Judgements

Google wins permanent injunction from London's High Court to prevent enforcement of Russian YouTube judgements

20 hours ago

Tech Giants Announce $500 Billion AI Plan In US

OpenAI, SoftBank, Oracle and others form joint venture called 'The Stargate Project' – to build…

21 hours ago

CMA Chair Replaced By Government Amid Growth Drive

Government replaces chairman of the competition watchdog with former Amazon boss, amid Labour's “growth” drive…

22 hours ago