A Google effort to push websites to implement encryption is expanding. Starting in October, the company will roll out new warnings to flag HTTP connections as insecure in its Chrome browser.
For users, it means Chrome will display the words “not secure” in the browser’s address bar whenever they type any data into web pages that connect over HTTP.
However, for users who like to browse through Chrome’s privacy-enhancing Incognito mode, the warnings will appear by default on all HTTP pages visited, not only when the user enters information onto the page.
“Eventually, we plan to show the ‘not secure’ warning for all HTTP pages, even outside Incognito mode,” Google said in a blog post on Thursday.
Back in January, Google’s Chrome started using its “not secure” label, but only for HTTP pages that contain password or credit card form fields.
The danger with HTTP pages is that any data transmitted to them is unencrypted, leaving it open to be spied on. Hackers can intercept the data by compromising internet routers, snooping over public Wi-Fi networks, or through man-in-the-middle attacks that involve impersonating legitimate web services.
“Passwords and credit cards are not the only types of data that should be private,” Google said on Thursday. “Any type of data that users type into websites should not be accessible.”
Major websites, such as Google, Twitter, and Facebook, have already moved to HTTPS, a more secure protocol which encrypts the internet connection.
But while HTTPS has become dominant across the Web, not all sites have adopted it. That’s why Google has been using its Chrome browser to warn users about insecure HTTP pages.
The warnings will also push website operators to jump onboard the HTTPS bandwagon or face a potential drop in traffic. Since January, Google said it’s noticed a 23 percent reduction in visits to HTTP pages with password or credit card forms when viewed over a desktop computer.
Eventually, Google’s Chrome browser will not only list all HTTP pages as insecure, but it will also include a red triangle with the warning. To help websites move to HTTPS, Google has produced a set-up guide for interested developers.
Mozilla’s Firefox browser has also been taking similar steps to warn users about visiting HTTP sites, too.