Google Chrome team proposes to make all web browsers tag HTML websites as ‘non-secure’ destinations
The Chrome Security Team has proposed that all web browsers should mark HTTP websites as “non-secure”.
The proposal is part of a drive to make the Internet a safer, more secure environment, but the change is sure to anger some web developers.
The proposal was made by the Chrome Security Team on the Chromium.org site. Essentially, what the Chrome boffins are proposing is that from next year, all web browsers should tag HTTP websites as “non-secure”.
In August, Google announced that websites using HTTPS encryption would be ranked more favourably by Google’s search algorithm as part of a campaign that aims to motivate webmasters to make their sites more secure.
In an effort not to blindside website managers with the move, the Chrome team proposed three main states for websites.
It said that websites that use valid HTTPS and other origins like (*, localhost, *)] would be labelled as ‘Secure’. The next level down would be ‘Dubious’ (valid HTTPS but with mixed passive resources, and valid HTTPS with minor TLS errors).
The final layer would be tagged as ‘non-secure’ that would be websites with broken HTTPS and HTTP.
Google has been redirecting users to an HTTPS version of its search engine since 2011 and has used SSL for Gmail since January 2010 after learning Gmail had been hacked in China. All incoming and outgoing Gmail messages are now encrypted using HTTPS connections to better protect users from interception by attackers or spying.
Are you a Google expert? Take our quiz!