Google appears to be taking another step in encouraging all websites to adopt HTTPS, also known as secure browsing. Google computer security expert, Parisa Tabriz, hinted that the Chrome browser will soon display a padlock with a red X on all pages that are delivered over unencrypted connections.
The current display settings on Google Chrome present the user with one of the following:
- A green padlock to signify a secure connection (HTTPS).
- A blank white page to signify that the website is not secure (HTTP).
- A padlock with a red ‘x’, signifying that there is a problem with HTTPS page – this is when a page should be secure but is not.
Google may be moving forward with plans announced as far back as 2014 to highlight websites that are not secured with HTTPS, bringing the safety of the site to the attention of the user in a more pronounced way.
Although most websites that hold sensitive information are encrypted with HTTPS, Google recommends that all websites should be secured. Regardless of if a website is transactional or not, connecting to any site that is not secured could always leave the user vulnerable.
ClickThrough Marketing, senior web developer, Phil Cook, said:
Secure connections are still important, even if you are not making a payment. Third-parties can quite conceivably snoop on your connection and know exactly what you are browsing when you are viewing a website that is not served over HTTPS.
While ClickThrough Marketing, director of web development, Alan Rowe, commented:
Google has been suggesting it wants all websites to run on HTTPS for some time, and by taking this action they will pretty much force the issue. Google Chrome is now one of the most dominant browsers worldwide, and now that they have that captive audience, they are in a position to dictate the future. This change means that every single website will need to have a secure certificate. This will be beyond the capability of many small companies, and so I expect hosting companies and web development agencies will be required to assist.
Google’s plan counters UK government plans to reduce the amount of encrypted data being shared across web and mobile. Current attempts to implement legislation that allows the government access to what would be encrypted data – for national security reasons – are in process.
Encouraging the implementation of an SSL certificate on all websites by highlighting the existing lack of security aims to increase the amount of HTTPS websites on the web.