Google will begin marking HTTP pages where users can enter data as “not secure” in its Google Chrome browser come October.
The change will appear in the release of Chrome 62, and will expand on the browser’s current warning system for unsecure websites. It will also add a “not secure” notification on all HTTP pages visited in incognito mode.
Google’s plan will mark any HTTP site that allows a user to type data into it as “not secure” as part of its expanding effort to protect users from sharing information on sites that do not have basic security protocols in place.
“When users browse Chrome with incognito mode, they likely have increased expectations of privacy,” Chrome security team member Emily Schechter said in a blog post. “However, HTTP browsing is not private to others on the network, so in version 62 Chrome will also warn users when visiting an HTTP page in incognito mode.”
The long-term plan is to issue a security warning on every HTTP page a user visits, even outside incognito mode — a temporary browsing experience that does not save a history of sites visited or files downloaded.
Google said HTTPS — a secure and encrypted method for users to connect to websites — is “easier and cheaper than ever before” and improves the overall internet experience for users.
Google began issuing its warnings in Chrome 56, released in January, with a “not secure” label on HTTP sites that had data fields that allowed users to enter passwords or payment and financial information.
The search giant said there has been a 23 percent reduction in the number of visits to HTTP pages with password or credit card forms on desktop since it introduced the warning signs.
The Difference Between HTTP And HTTPS
The difference between HTTP and HTTPS is much more than a single letter — it’s the difference between information being secure and potentially being exposed to hackers and others with malicious intentions.
HTTP stands for hypertext transfer protocol and is the protocol that allows for communication between a user and a website’s servers, allowing the user to view and interact with webpages.
What is absent from HTTP is encryption. The connection between the user and the server is unencrypted, meaning the information can potentially be intercepted by an attacker sitting in the middle of the conversation between the user and website.
HTTPS adds encryption to the equation. The “S” stands for “secure,” meaning you can trust the connection between your computer and the server you are communicated with is encrypted and protected from anyone who may be trying to steal your information.
To be considered secure, sites must obtain an SSL (secure sockets layer) certificate, which is used to create the secure and encrypted connection.