In an effort to warn users of online dangers, Google's Chrome browser will soon label standard HTTP-based websites that ask for passwords or credit-card numbers with an "i" for "insecure" right in the URL address bar.
The plan, set to go into effect with Chrome 56 in January, will affect millions of websites. Many newspaper websites, for example, ask users to input sensitive information into form fields, yet don't encrypt that information as it travels over the web. (Tom's Guide is mostly unencrypted, but shifts to the encrypted HTTPS protocol for login pages.)
"Chrome currently indicates HTTP connections with a neutral indicator," a Google blog posting yesterday (Sept. 8) read. "This doesn't reflect the true lack of security for HTTP connections. When you load a website over HTTP, someone else on the network can look at or modify the site before it gets to you."
Chrome labels properly configured HTTPS websites (the "s" stands for "secure") with a green padlock icon in the address bar; HTTPS sites with misconfigured encryption get a red warning triangle. Plain-vanilla HTTP sites, which transmit all data going to and from the user in the clear, get a boring gray icon of a blank sheet of paper.
That last part's about to change for HTTP sites that ask for sensitive info. For example, one newspaper site in the San Francisco Bay Area invites users to log in with usernames and passwords, and even register with full names, street addresses and dates of birth (three of the four criteria often used to steal identities), all over unencrypted connections.
Beginning in January, those sites' address-bar icons will change from the blank piece of paper to a gray "i" in a circle, accompanied by the words "Not secure," as indicated below.
But that won't be the end of the process. Google plans to also label all HTTP sites viewed in Incognito mode with the insecure "i," although no timetable was given for that. Then, someday, all HTTP sites viewed in any mode, with or without form fields, will get the dreaded red triangle.
"Eventually, we plan to label all HTTP pages as non-secure, and change the HTTP security indicator to the red triangle that we use for broken HTTPS," yesterday's blog posting said.
Chrome Browser Tips
- How to Reduce Memory Usage in Chrome
- How to Silence Noisy Tabs in Chrome
- Hide Your Chrome Browsing From Your Boss
- Enable Guest Browsing in Chrome
- How to Make Chrome More Touch-Friendly
- How to Enable Do Not Track in Chrome
- How to Put Chrome in High Contrast Mode
- Remove Extensions from Chrome
- How to Resume an Interrupted Download in Chrome
- Protect Yourself from Spoilers with the Chrome Browser
- How to Create Desktop Shortcuts for Web Pages Using Chrome
- How to Use Chrome Extensions in Incognito Mode
- Disable (and Enable) Notifications in Chrome
- How to Use Chrome's Built-in Task Manager
- Add a Home Button to Chrome
- How to Change Your Default Search Engine in Chrome's Omnibox
- Show Frames Per Second in Chrome
- Get Gmail Notifications in Chrome
- How to Clear Your Internet History in Chrome
- How to Stop Pop-Ups in Chrome
- How to Prevent Scrollbar Jumping
- Change the Download Folder
- Firefox Quantum versus Chrome