Google Chrome will soon start shaming unencrypted websites, alerting users when they’re on a site that could be intercepted by hackers.
The traditional HTTP protocol still used by many sites is unencrypted and Google (among others) thinks that’s just not good enough.
The HTTPS protocol, however, adds an extra layer of protection against snooping and interception. Therefore Google plans to flag sites that aren’t served under the HTTPS.
Chris Palmer, security engineer at Chrome, tweeted a picture of the New York Time homepage with a red “X” shown in the URL bar to signify a lack of encryption.
The tweet was also highlighted by Parisa Tabriz, manager of Google’s information security engineering team, who said “HTTP, we’re readying to call you out for what you are: UNSAFE!”
There is also a written proposal on the change, which can be found here.
Chrome already flags secure sites with a small padlock icon, but the use of a red cross on HTTP connections, instead of the current white blank page, is designed to make more of a statement: insecure connections are not cool.