Google plans to mark all HTTP pages “insecure” to warn users about data security and privacy issues, according to Chromium.org.
As part of the open-source Chromium Projects, the initiative will affect Chrome starting in January. It’s meant to encourage all website owners to switch to HTTPS by default.
“We all need data communication on the web to be secure (private, authenticated, untampered),” Google’s team said. “When there is no data security, the UA should explicitly display that, so users can make informed decisions about how to interact with an origin.”
The Google team suggests browsers define three basic states of security:
- Secure (valid HTTPS)
- Dubious (valid HTTPS but with mixed passive resources, valid HTTPS with minor TLS errors)
- Non-secure (broken HTTPS or HTTP)
Also, they recommend “a phased approach to marking non-secure origins as non-secure.”
“For example, a UA vendor might decide that in the medium term, they will represent non-secure origins in the same way that they represent Dubious origins. Then, in the long term, the vendor might decide to represent non-secure origins in the same way that they represent Bad origins,” the team wrote.
The Chromium projects include Chromium and Chromium OS, two open-source platforms aiming to provide a safer way for people to use the web.