Google Will Mark HTTP Sites As Unsafe Starting in 2015

Google plans to mark all HTTP pages “insecure” to warn users about data security and privacy issues, according to Chromium.org.

As part of the open-source Chromium Projects, the initiative will affect Chrome starting in January. It`s meant to encourage all website owners to switch to HTTPS by default.

“We all need data communication on the web to be secure (private, authenticated, untampered),” Google`s team said. “When there is no data security, the UA should explicitly display that, so users can make informed decisions about how to interact with an origin.”

The Google team suggests browsers define three basic states of security:

• Secure (valid HTTPS)
• Dubious (valid HTTPS but with mixed passive resources, valid HTTPS with minor TLS errors)
• Non-secure (broken HTTPS or HTTP)

Also, they recommend “a phased approach to marking non-secure origins as non-secure.”

“For example, a UA vendor might decide that in the medium term, they will represent non-secure origins in the same way that they represent Dubious origins. Then, in the long term, the vendor might decide to represent non-secure origins in the same way that they represent Bad origins,” the team wrote.

The Chromium projects include Chromium and Chromium OS, two open-source platforms aiming to provide a safer way for people to use the web.