Google wants to show warning on every non-https site in Chrome in early 2016 2016

Google is working on making Chrome tell you which sites don’t offer an encrypted connection by default. For sites without an https connection, the browser then shows a red warning cross next to the url. The feature should come to the browser at the beginning of this year.

Speaking at the Usenix Enigma security conference in San Francisco, Chris Palmer, a security engineer at Google, sent a image from the New York Times website, showing the red cross next to the URL, promising more to come. His colleague Parisa Tabriz then let know: “Http, we’re working on showing what you are: non-secure”. By default, Chrome shows a blank page at http sites, but Google wants to get rid of this ‘neutral’ icon.

The plan to mark sites that don’t support https connection as “not secure” in Chrome is not new: it was announced at the end of 2014, with a promise that a transition plan would come in 2015. After that, it went silent until Palmer announced in late 2015 that it was aiming to implement it in early 2016, citing a blog post stating that ultimately two designations should remain: secure and non-secure. Last week, the effort was added to Chromium’s issues list, indicating that the warning is indeed on the way to integration into the browser.

Incidentally, the functionality has been manually activated in Chrome for more than half a year, by selecting “Mark non-secure entry points as non-secure” via chrome://flags.