HTTP Could be Marked as Non-Secure

The Google team behind Google’s Chrome browser is considering a development in 2015 which would mark unencrypted HTTP connections to websites as non-secure.

In the proposal to its web community, The Chromium Projects says that its goal is to “more clearly display to users that HTTP provides no data security” and argues that when there is no data security in the connection between browser and web server, the browser “should explicitly display that, so users can make informed decisions about how to interact with an origin.”

The move comes after Google announced earlier in 2014 that it would begin to use secured HTTPS connections to websites as a ranking factor for the first time, albeit a relatively minor factor.

It is clear from these recent policies that Google is aiming to encourage the take-up of HTTPS and pushing to extend it to cover as high a proportion of websites as possible.  It is a policy that is hard to disagree with, despite the additional cost for webmasters for the annual renewal of an SSL certificate, installation and web server configuration, but the security benefits clearly outweigh the costs and the SEO benefit only increases the usefulness of secured, authenticated communication.

It is also admirable that Google is running a campaign to educate users on an important internet issue such as security.  The majority of users would not know, for instance, that every request on the world-wide-web is routed through several networks, which if unencrypted could allow any of those networks to process, store or even modify every piece of data sent to or from a website.  And with even large corporations like Sony being hacked, trusting every single one of those networks to be free from hacks or malware is not always so easy.

The proposed change will not have an immediate effect, however.  The Chromium Projects has proposed changes over several phases, possibly based on the proportion of websites employing HTTPS encrypted connections over time, or in timed phases where unsecured connections are first marked as ‘dubious’, then as ‘non-secure’ and finally not to have any mark against secured connections, as it should be assumed to be the norm.

It remains to be seen whether or how this policy will be implemented by Google in its Chrome browser releases, or if it will be taken up by other browsers, such as Firefox, Safari and Internet Explorer, but it is certainly a trend we would encourage.

If you are unsure about the benefits of using HTTPS on your website or its implementation please contact us and we would be happy to provide a free consultation.