As the Web moves toward HTTPS by default, Chrome will remove “secure” indicator

by
Peter Bright
from Ars Technica - All content on (#3QFF0)
padlock-800x533.jpg

Enlarge (credit: Indigo girl / Flickr)

Back in February, Google announced its plans to label all sites accessed over regular unencrypted HTTP as "not secure," starting in July. Today, the company described the next change it will make to its browser: in September, Google will stop marking HTTPS sites as secure.

remove-secure-label-640x310.png

Before and after representation of the removed "Secure" label. (credit: Google)

The background to this change is the Web's gradual migration to the use of HTTPS rather than HTTP. With an ever-growing fraction of the Web being served over secure HTTPS-something now easy to do at zero cost thanks to the Let's Encrypt initiative-Google is anticipating a world where HTTPS is the default. In this world, only the occasional unsafe site should have its URL highlighted, not the boring and humdrum secure site.

insecure-page-with-input.gif

Type data into the form and the "Not secure" message goes from gray to red. (credit: Google)

Most HTTP sites will get a regular gray "Not secure" label in their address bar. If the page has user input, however, that gray label will become red, indicating the particular risk the page represents: Web forms served up over HTTP could send their contents anywhere, making them risky places to type passwords or credit card numbers.

Read on Ars Technica | Comments

index?i=-Atg-pNYZmU:k_gIHYe1ekE:V_sGLiPB index?i=-Atg-pNYZmU:k_gIHYe1ekE:F7zBnMyn index?d=qj6IDK7rITs index?d=yIl2AUoC8zA
External Content
Source RSS or Atom Feed
Feed Location http://feeds.arstechnica.com/arstechnica/index
Feed Title Ars Technica - All content
Feed Link https://arstechnica.com/
Reply 0 comments