Posted on January 29, 2016 by CELO NET
Google Chrome Will Mark HTTP Sites as Insecure With a Big Red X
[bold]Permanent changes are planned for future Google Chrome releases which will add a big shiny red cross in the URL bar if the website you’re accessing is not using HTTPS.[/bold]
Google said it’s planning to add this to Chrome by the end of 2015, after one of its developers proposed the idea back in December 2014.
“The goal of this proposal is to more clearly display to users that HTTP provides no data security,” said Chris Palmer in a proposal which was recently opened to the public.
A UI change with enormous consequences
His plan is based on the principle that users won’t consider something as insecure unless there’s a warning that signals this. Until now, Google was only showing errors if there was something wrong with the encryption, but not when HTTPS was lacking altogether.
By marking HTTP sites with a big red cross, Google devs are hoping to educate users about the dangers of navigating HTTP websites where they share personal details or make financial transactions.
If you’re currently accessing an HTTP page where you make credit card transactions, Google won’t display any type of error, even if sending financial information in cleartext is one of the dumbest and dangerous things you can do.
According to Google’s new plan for Chrome’s UI, users should easily notice a big red X left to the page’s URL, and avoid carrying on with their transaction.
You can see the proposed UI in action right now
The proposal put forward by Mr. Palmer has already been implemented in Chrome. If you want to see a working version, you’ll need Google Chrome 48. Some older versions might work as well since the indicators have been around for more than a year, but we haven’t tested other versions outside v48.
In Chrome, open a new tab, write and access the chrome://flags setting page.
Here you’ll need to search for the “Mark non-secure origins as non-secure” and select the “Mark non-secure origins as non-secure” option instead of “Default.”
Just today, we also reported on the new Security panel in Chrome’s DevTools which can be useful when debugging HTTPS websites.