Skip to main content

Google gets more aggressive in alerting users when web pages are not secure

google implementing aggressive policies in chrome themes header
alexeyboldin/123RF
In some cases, online security is a balance between users making good choices and systems providing the required information. Phishing attempts, for example, where fake sites grab private information by masquerading as official sites, only succeed because users are fooled into thinking they’re on legitimate pages.

One way to combat phishing is to use encryption, which verifies that a site is actually what it claims to be. One way to avoid becoming a victim of phishing, therefore, is to only enter private and sensitive information, like credit card and social security numbers, on encrypted sites. Google has been slowly implementing features in Chrome to make it clear when users aren’t on encrypted pages, and it’s getting even more aggressive in its efforts to help users stay safe.

Recommended Videos

While anyone can tell if a page is secured just by looking for the “https” header in the address bar, Chrome recently started explicitly marking HTTP pages as “Not secure” whenever they include password or credit card fields. Starting in October 2017, Google will cause Chrome to show “Not secure” in more situations, specifically when users enter any data on an HTTP page and when visiting any HTTP page in Incognito mode.

Google

As the company puts it, “Passwords and credit cards are not the only types of data that should be private. Any type of data that users type into websites should not be accessible to others on the network, so starting in version 62 Chrome will show the ‘Not secure’ warning when users type data into HTTP sites.” Chrome 62 is due in October 2017, hence the timeline for implementing the more aggressive policies.

In addition, Chrome’s Incognito mode represents a particularly troublesome situation because it can cause people to confuse local privacy with data that’s entered on pages and submitted to sites. Incognito mode makes it harder to get on a user’s local machine and grab their data after a browsing session, but it does nothing to protect data once it’s sent from the browser to the internet. Therefore, Chrome will mark all HTTP pages as “Not secure” to ensure that users are reminded of those facts.

Please enable Javascript to view this content

Google’s end game is to mark all HTTP pages in all browsing modes as “Not secure.” As the company points out, HTTPS is less expensive and less of a hassle to implement than ever before, and the sooner all sites switch over to HTTPS, the better for everyone. Perhaps by pointing out more sites as insecure, Google can essentially shame a few more sites into making the transition — along with providing the information users need to take their own steps in becoming more secure in their browsing practices.

Mark Coppock
Mark Coppock is a Freelance Writer at Digital Trends covering primarily laptop and other computing technologies. He has…
Google Chrome gets one of Microsoft Edge’s best features
Google Chrome has been updated with a new sidebar feature.

Google Chrome has announced new updates for its browser to make searching more effective without having to open a new tab or return to a previous page after inputting a new search.

The Chrome sidebar feature comes just months after Microsoft introduced a similar feature to its own browser, Edge.

Read more
Chrome extensions with 1.4M users may have stolen your data
Google Chrome icon in mac dock.

McAfee researchers have discovered various Google Chrome extensions that steal browsing activity, with the add-ons racking up more than a million downloads.

As reported by Bleeping Computer, threat analysts at the digital security company have come across a total of five such malicious extensions.

Read more
Google just thwarted the largest HTTPS DDoS attack in history
A depiction of a hacker breaking into a system via the use of code.

Google has confirmed that one of its cloud customers was targeted with the largest HTTPS distributed denial-of-service (DDoS) attack ever reported.

As reported by Bleeping Computer, a Cloud Armor client was on the receiving end of an attack that totaled 46 million requests per second (RPS) at its peak.

Read more