Google is planning to label unsafe websites in Chrome

In an article on its Security Blog, Google presents its plans to ex­plic­it­ly label unsafe HTTP sites in its Chrome browser. Version 56 has been planned for January 2017 and includes a redesign of the address bar. The URL of an un­en­crypt­ed website will be preceded by a 'not secure' warning. The websites pro­vi­sion­al­ly targeted will be those where credit card details and passwords are trans­mit­ted over an un­en­crypt­ed protocol. So what are the long term con­se­quences that the update is likely to have for website owners and users?

If Chrome 56 is rolled out at the beginning of next year as scheduled, web addresses where credit card in­for­ma­tion and passwords are trans­ferred over the un­en­crypt­ed Hypertext Transfer Protocol (HTTP), will be preceded with ‘not secure’. Until now, the search engine giant’s browser hasn’t always indicated which web projects transfer data without TLS/SSL cer­tifi­cates. The green lock symbol that appears when a site is encrypted isn’t always shown. Even when it was displayed, many users didn’t notice this indicator letting them know whether the website was safe or not. This was proven by a study carried out by Google and the Uni­ver­si­ty of Cal­i­for­nia. In sub­se­quent versions of Chrome, the warnings will be expanded further. A possible second step is to display the 'not secure' label in incognito mode as well, and to have all HTTP sites showing this symbol since users expect a high level of security. Google may also label all un­en­crypt­ed sites in standard mode, according to state­ments made in blog posts. The URLs concerned will also receive the red warning triangle in the address bar which until now was only used for mis­con­fig­ured HTTPS websites.

In 2014, Google announced that en­crypt­ing a site where data trans­mis­sion via SSL or TLS takes place would count towards the ranking. Because of this, website owners should sort out a cer­tifi­cate for their own project. This is also combined with the fact that tran­si­tion­ing to HTTPS is becoming even cheaper and easier so now the number of encrypted sites has sig­nif­i­cant­ly increased over the last two years. The number of Google Chrome users is in­creas­ing too: currently, more than two thirds of global users access the web through Chrome, according to sta­tis­tics from w3schools.

If users are using your browser to access a page, they’re doing more than just simply clicking on an article. The digital fin­ger­print is not the only way that online ac­tiv­i­ties can be recorded by un­de­tect­ed cookies and tracking tools. It’s becoming more and more common for users to leave their in­for­ma­tion de­lib­er­ate­ly either in social network posts and forums, or when they subscribe to newslet­ters. In many cases, you need to enter your e-mail address and sometimes you’re asked for even more sensitive in­for­ma­tion.

This data (passwords, user data, addresses, or bank details) is generally trans­ferred from the browser to the database of the re­spec­tive website using the HTTP protocol. This protocol has been providing excellent service since the web began, but it can miss an en­cryp­tion of trans­port­ed in­for­ma­tion. This means that data packets, which are trans­ferred through an HTTP con­nec­tion and in­ter­cept­ed on their way between the browser and webserver, are in plain text. This makes it a lot easier for cy­ber­crim­i­nals to get access to log-in data for your e-mail account, your online banking account, or your home address. By im­ple­ment­ing a SSL/TLS cer­tifi­cate, website operators can be sure that all com­mu­ni­cat­ed data is trans­ferred encrypted and is therefore protected from any third parties that wish to get their hands on it.

Since the majority of the internet community seems to have not yet rec­og­nized the im­por­tance of SSL/TLS cer­ti­fi­ca­tion for their web project, Google Chrome 56 explains it even better. This com­plete­ly revised warning system is designed to increase the users’ awareness of the im­por­tance of encrypted data trans­mis­sion and force pre­vi­ous­ly inactive web operators to act. The proposed changes should make this project suc­cess­ful and then Chrome users will avoid sites that are marked as unsafe.

Google might ad­di­tion­al­ly decide to make HTTPS even more valuable as a ranking factor. While Chrome users receive a new security feature, site owners will decide whether they require SSL/TLS or not. Ambitious web project operators shouldn’t wait until Chrome 56 comes out to make the switch to encrypted data transfer. This is where the motto 'the sooner, the better' applies.