The proposed changes to the Chrome browser suggested by Google engineers in 2014 are poised to come into effect, meaning a slightly different, and theoretically more secure way of navigating the internet for web surfers.
A new system will warn users should they navigate towards a website deemed insecure. The feature is designed to act as a warning flag up for sites using the unencrypted HTTP as opposed to HTTPS (websites using an SSL certificate), in a move that some industry commentators have perceived as a ‘name and shame policy’.
The feature will display a red cross over the padlock on the URL bar when a site isn’t encrypted with HTTPS, which is an escalation of the current system showing a white page when internet users attempt to visit a website not secured by HTTPS. The red cross icon is only currently displayed when there are problems with the HTTPS site a Chrome user is trying to access.
Detailing their proposal back in 2014, the team at Chrome explained: “The Chrome Security Team propose that user agents gradually change their UX to display non-secure origins as affirmatively non-secure. We intend to devise and begin deploying a transition plan for Chrome in 2015. The goal of this proposal is to more clearly display to users that HTTP provides no data security.”
Google’s reasoning is that in the end, despite the inevitable challenges that will crop up as part of the transition to such a system, the end result will be a more secure experience for the Chrome user, combating the threat of malicious agents.
According to Google: “Active tampering and surveillance attacks, as well as passive surveillance attacks, are not theoretical but are in fact commonplace on the web. We know that people do not generally perceive the absence of a warning sign. Yet the only situation in which web browsers are guaranteed not to warn users is precisely when there is no chance of security: when the origin is transported via HTTP.”
There have been rumblings that the HTTP flag will be set as a default on Chrome soon, and a Google employee that wished to remain anonymous told the Motherboard news site that he expects there to be an announcement “soon”.
Google has led the charge, along with Apple and Mozilla, for encrypted websites, and has confirmed its policy of giving SEO value to sites that are encrypted in its search rankings.