Google is making another change to the way Chrome indicates HTTPS and HTTP sites. Starting with September’s release of Chrome 69, the world’s most popular browser will stop marking HTTPS sites with the green “secure” label in the address bar—it believes that users should expect this to be the default state. Then in October, Chrome will start showing a red “not secure” warning when users enter data on HTTP pages.
More than half the internet now uses the HTTPS protocol, which encrypts data in transit. The secure connection helps prevent against man-in-the-middle attacks and protects data from the prying eyes of third parties.
Chrome Security Product Manager, Emily Schechter, writes, “Since we’ll soon start marking all HTTP pages as ‘not secure’, we’ll step towards removing Chrome’s positive security indicators so that the default unmarked state is secure. Chrome will roll this out over time, starting by removing the “Secure” wording and HTTPS scheme in September 2018 (Chrome 69),”
When Chrome 68 rolls out in July, users will spot an HTTP site by a grey “Not secure” label in the address bar. In October’s Chrome 70, Google is making this more noticeable; the grey “Not secure” warning remains, but it will turn red when users start entering data on the page.
Back in February, Google said 81 out of the top 100 websites used HTTPS as default. It added that 78 percent of Chrome traffic on both Chrome OS and Mac was encrypted, while 70 percent of Chrome traffic on Windows was protected. The figure for Chrome traffic on Android stood at 68 percent.