Chrome will Treat HTTP Connections as Non-Secure

Google Chrome is about to start adding negative indicators for websites that don’t use encryption

The internet is moving towards universal encryption. Whereas having SSL was once considered a necessity for just a select few kinds of sites, soon the browsers will expect all websites to have basic encryption.

What was once a luxury will soon be a necessity.

That’s because the browser community, and many around the web, believe that having encryption should be the standard—not the exception. As cybercrime has become more prevalent and more sophisticated, it’s becoming more and more important that all websites have strong security practices. After all, there’s an entire web security ecosystem and – especially on shared server set-ups – one vulnerability could potentially be exploited against a number of sites.

That’s why you’ve probably already noticed that the browsers are gently nudging us all towards an encrypted internet. So far it’s been done with small measures. For instance, Google has been rewarding sites with SSL Certificates by giving them a small rankings boost. Mozilla and Google have been withholding their more powerful advanced browser features from unencrypted sites.

As of yet it hasn’t been anything too major—but that’s all about to change.

In the latest release of Chrome version 53, Google has begun inserting an exclamation point in a circle in the address bar next to non-secure sites. By itself, this is actually more of a neutral visual indicator, but it’s just the first step in a series of changes that will eventually see negative visual indicators used to mark unencrypted websites.

In Google Chrome version 56, which is due out early next year (January 2017), the company will add the words “Not secure” next to the exclamation point icon.

From there, things will continue to intensify. Eventually, Google plans to mark all websites that are still served over unsecure HTTP with a negative indicator.

As you can probably imagine, this is a very dramatic way for Google to move websites towards encryption—and quickly.

Whereas the indicator in Chrome 53 alerts a user that not all is well – especially when compared to the green padlock that indicates a secure connection – plenty of users may still miss what its actual meaning is.

Recently Google did a lot of research on visual indicators and arrived at the realization that they aren’t as effective as the company had hoped. It turns out indicating connection security with just a single symbol is tough. But, there were some symbols and colors that clearly stood out to users. Hence the eventual negative indicator that Google has designed, a red triangle with “Not secure” written in red beside it.

This gives the user no doubt that they are not safe on this website.

It’s also not hard to imagine that seeing such a negative visual indicator displayed next to a site’s URL is really going to damage the reputation – and by extension the traffic – of the website in question.

This is entirely the point.

If that doesn’t get you to encrypt—nothing will.

But, you still have some time before you start getting penalized badly. Google has only just rolled out its new “not secure” visual indicator, and as we discussed, at this point it still feels more neutral than anything. By the beginning of next year Google will add “Not secure” next to the symbol. This will give a stronger indication to users that a site’s connection is not safe.

After that, you’re playing with fire. There’s no exact time table for when the indicator will turn to its angry red state – it could be months or even a year – but you don’t want to wait around and find out.

It’s time to encrypt, regardless of how strongly Google is trying to remind you.