Google is going to start pointing out when web pages that aren’t encrypted as part of its aggressive and on-going campaign to improve browser security.
Almost the entire Web is built on HTTP, or the Hypertext Transfer Protocol. It’s basically the language that browsers and web pages speak to each other. HTTP is great for a lot of reasons, and its wide adoption is a boon for compatibility, but it’s inherently insecure.
In fact, it’s remarkably easy to intercept traffic to and from unsecured HTTP servers, which is why HTTPS was introduced. As the secure version of HTTP, HTTPS encrypts data sent to and from users, protecting it with an SSL certificate. SSL as a security layer is basically unbreakable, although there are rumors the NSA and British Surveillance have their own methods, and security certificates are sometimes improperly issued, a problem that put Google in conflict with Symantec last year.
Chrome distinguishes HTTP from HTTPS pages using an icon to the left of the URL, where the favicon (for example, the tiny Digital Trends logo on this tab) changes based on the security settings of the current page. A standard, un-encrypted site is marked by a white page icon, while a secure site is marked with a green padlock. If a page claims it’s secure, but Chrome spots issues with its implementation, the padlock will be marked with a red X. Clicking the icon in any case will bring up more info on the site.
Soon, sites that are unencrypted will be marked with a padlock and X icon, just like the poorly secured sites. The idea was actually proposed as part of an addition to the Chromium project, but now it appears it will be implemented in the standard version of Chrome as well. It was shown off as a feature during a presentation at the Usenix Enigma security conference.
When this change will make its way into the public version of the browser remains to be seen. It can be enabled in an advanced settings tab by navigating to “chrome://flags” and selecting “mark non-secure origins as non-secure,” a setting that’s simultaneously self-explanatory and confusing.
The move might seem extreme to some, but it’s important to protect your data everywhere on the Internet, not just on sites with passwords or sensitive information. The move towards a completely secure Web is one that everyone is going to benefit from, and if any company can make it happen, it’s Google.