TechSpot

Google is making it easier to spot non-secure websites in Chrome

By Shawn Knight
Sep 8, 2016
Post New Reply
  1. Google is bringing the fight to non-encrypted login websites. Beginning with Chrome 56, the search giant’s popular web browser will utilize a new visual indicator to let people know that a site isn’t secure.

    Emily Schechter from the Chrome Security Team explained in a recent blog post that Chrome currently indicates HTTP connections with a neutral indicator. Once it arrives, Chrome 56 will mark HTTP sites that transmit passwords or credit card information as explicitly being non-secure as shown in the example below.

    Google recently found that more than half of Chrome desktop page loads are now served over HTTPS. In fact, since its last HTTPS report in February, 12 more of the top 100 websites have switched their serving default from HTTP to HTTPS.

    Schechter points to a recent study that suggests the lack of a “secure” icon is not perceived as a warning. Conversely, users become blind to warnings that occur too frequently. For these reasons, the Chrome Security Team is planning to roll out its labeling system gradually over time.

    In subsequent releases, for example, they’ll extend the warning to non-secure sites visited in Incognito mode with the eventual goal of labeling all HTTP pages as non-secure. Furthermore, they will change the HTTP security indicator to the red triangle icon currently used for broken HTTPS connections.

    Google expects to release Chrome 56 with the enhanced warning system in place in January 2017.

    Permalink to story.

     
  2. Cycloid Torus

    Cycloid Torus TS Evangelist Posts: 1,654   +308

    Why wait??? oh, they aren't 'ready'. Why has it taken over 2 years? oh, they were monetizing... Yah, I can wait...
     
  3. VitalyT

    VitalyT Russ-Puss Posts: 3,148   +1,421

    Thank you, Google, I feel safer already.
     
  4. jobeard

    jobeard TS Ambassador Posts: 9,308   +617

    :giggle: It's not the link level that's the problem, but the data at rest on the web servers!!
    Bust into and browse the unencrypted data all day long, taking whatever pleases you.

    This is why Master Charge has the chip that stops the transaction reply, but sadly there's tons of other stuff to be gleaned off servers.
     

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...