Proposal To Tag HTTP Websites As ‘Non-Secure’

The Chrome Security Team has proposed that all web browsers should mark HTTP websites as “non-secure”.

The proposal is part of a drive to make the Internet a safer, more secure environment, but the change is sure to anger some web developers.

Chrome Proposal

The proposal was made by the Chrome Security Team on the Chromium.org site. Essentially, what the Chrome boffins are proposing is that from next year, all web browsers should tag HTTP websites as “non-secure”.

“The goal of this proposal is to more clearly display to users that HTTP provides no data security,” said the Chrome security team.

The move comes as Google seeks to improve Internet security. Google already uses HTTPS for its search, Gmail and Drive services, but wants others to do the same. Facebook and Twitter also use HTTPS.

In August, Google announced that websites using HTTPS encryption would be ranked more favourably by Google’s search algorithm as part of a campaign that aims to motivate webmasters to make their sites more secure.

Three Grades

In an effort not to blindside website managers with the move, the Chrome team proposed three main states for websites.

It said that websites that use valid HTTPS and other origins like (*, localhost, *)] would be labelled as ‘Secure’. The next level down would be ‘Dubious’ (valid HTTPS but with mixed passive resources, and valid HTTPS with minor TLS errors).

The final layer would be tagged as ‘non-secure’ that would be websites with broken HTTPS and HTTP.

Google has been redirecting users to an HTTPS version of its search engine since 2011 and has used SSL for Gmail since January 2010 after learning Gmail had been hacked in China. All incoming and outgoing Gmail messages are now encrypted using HTTPS connections to better protect users from interception by attackers or spying.

Are you a Google expert? Take our quiz!