Google is changing the way information about website security is displayed to users of its Chrome browser. Currently, the URLs of websites that use HTTPS are labeled “Secure” and displayed with a lock icon in Chrome’s address bar. The label and icon are colored green.
URL’s for websites that use HTTP are shown without a label or icon. In the Fall, the green color and the “Secure” label will be removed from HTTPS websites and red warning icons and “Not secure” labels will be added to websites that use HTTP.
HTTP (HyperText Transfer Protocol) is a protocol that governs communication between browsers and websites. Data is sent in clear text over HTTP which means anyone who intercepts it can read it. HTTPS is a secure version of HTTP. Communication between the website and the browser is encrypted.
Google wants to give Chrome users some information about the security of the websites they visit. When it began adding the green “Secure” label, websites that used HTTPS were in the minority. Because that’s no longer true, Chrome is switching to labeling HTTP websites to alert users that the site is not secure.
The timing of these changes leaves something to be desired. The removal of the “Secure” label for HTTPS websites is planned for Chrome 69 in September, while the “Not secure” HTTP labels won’t be added until Chrome 70 in October. This means that Google will be relying on user knowledge about website safety without any help from Chrome for about a month. This seems like a bad idea.
The removal of the “Secure” label from HTTPS websites is based on the idea that users should expect secure communication as the default state for all websites. This seems like another bad idea. Lack of even basic knowledge about internet security combined with the unwarranted assumption that whatever you’re doing is secure is the root of much evil on the internet.
It seems to me that color-coded icons and labels for both HTTPS and HTTP websites is a better idea because it makes clear at a glance which websites make use of encrypted information and which do not.