Google recently announced some changes to Chrome, beginning in January 2017 with Chrome 56. Chrome currently marks HTTP connections with a neutral indicator, which doesn’t reflect the true lack of security of HTTP connections.
Chrome now uses an icon to flag unencrypted connections. The icon is already available in Google Chrome; we can enable it by visiting chrome://flags, scrolling down to “mark non-secure as,” and selecting “mark non-secure origins as non-secure.”
The chances of seeing what our browsers do in the screens above in 2017 are near zero.
The thresholds are measured as the ratio of user interactions on secure origins vs. non-secure origins.
- Secure > 65%: Non-secure origins marked as Dubious
- Secure > 75%: Non-secure origins marked as Non-secure
- Secure > 85%: Secure origins unmarked
FAQ
Will this break plain HTTP sites?
No. HTTP sites will continue to work; we currently have no plans to block them in Chrome. All that will change is the security indicator(s).
Isn’t SSL/TLS slow?
Not really (for almost all sites, if they are following good practices).
What about test servers/self-signed certificates?
Hopefully, free/simple certificate setup will be able to help people who had previously considered it inconvenient. Also note that localhost is considered secure, even without HTTPS.
As mentioned above, plain HTTP will continue to work.