Google to Start Marking HTTP Websites as 'Not Secure'

The days of HTTP websites are numbered.

Starting in July, Google's Chrome web browser will begin to mark all sites that are HTTP as “not secure,” according to a Google blog post.   

Over the past several years, Google has moved to boost web security by strongly advocating that sites adopt HTTPS encryption, Emily Schechter, Chrome security product manager, writes in the post. Within the last year, Google has also helped users understand that HTTP sites are not secure by gradually marking a larger subset of HTTP pages as “not secure.” However, with the release of Chrome 68 in July, Chrome will mark all HTTP sites as “not secure.” 

What's the difference between HTTP and HTTPs? As BizTech has explained, with HTTP, data that is transferred using the protocol is not encrypted. Hypertext Transfer Protocol Secure is like HTTP, but the data is transferred in conjunction with another protocol, Secure Sockets Layer (SSL), now known as Transport Layer Security. While HTTP and HTTPS are focused on how info is presented, SSL/TLS is not concerned with what data looks like but rather on encrypting the data — it produces a secure connection between web servers and web browsers.

Schechter notes that a lot of progress has been made in the push to adopt HTTPS. Over 68 percent of Chrome traffic on both Google's Android platform and Microsoft's Windows is now protected, and over 78 percent of Chrome traffic on both Google's Chrome OS and Apple's Mac OS is now protected. Meanwhile, 81 of the top 100 sites on the web use HTTPS by default, Schechter says.