According to a blog post, Users of Google’s Chrome browser who visit an HTTP site will receive an alert that the site may not be fully secure, starting in 2015.
Initial alerts will simply mark a non-HTTPS site as having ‘Dubious” security but at a future date, Chrome will start labeling such sites as ‘Non-secure.”
“The goal of this proposal is to more clearly display to users that HTTP provides no data security,” members of the Chrome Security Team said in a blog post.
The blog noted that all data communication on the web needs to be secure. When a site offers no security, users need to be informed about it so they can decide how, and whether to interact with the site.
HTTPS websites use Secure Socket Layer (SSL) encryption to protect traffic between the client and server. The digital certificate that is used to encrypt the session also serves to authenticate the website, thereby providing another level of assurance for the user.
HTTPS websites offer much better data protection for users than HTTP sites and protect against man-in-the-middle attacks and spoofed Websites.
Browsers like Chrome, Firefox and Internet Explorer use a padlock icon in the navigation bar to indicate if a website uses HTTPS or not. Going forward, Google’s plan is to have Chrome affirmatively indicate if a website is insecure because it uses HTTP.
In order to give website owners time to move to HTTPS, Google will attach only modest significance to HTTPS use at least initially. “But over time, we may decide to strengthen it, because we’d like to encourage all website owners to switch from HTTP to HTTPS,” trend analysts from Google wrote earlier this year.