14 DAY TRIAL // The world’s favorite browsers, Chrome and Firefox, are taking a stand for security and will flag HTTP connections as insecure while, at the same time, pushing for all websites to move on to a more secure format.
What both Google and Mozilla are hoping to achieve here is a move towards HTTPS for all websites. This started years ago, in fact, when websites that did use the secure communications protocol started being highlighted in the address bar, with “secure” and a padlock. In fact, back in 2014, the Chrome Security Team expressed its opinion that user agents should gradually change their interface to “display non-secure origins as affirmatively non-secure.”
Mozilla has released Firefox 51 today, while the next version of Chrome is scheduled for release next week. Both browsers have started to describe some HTTP connections as insecure.
How does it work?
You shouldn’t expect to see alarm signs on every page that has a basic HTTP connection, however, as both companies seem to be somewhat understanding to the rest of the world. In fact, the bells will go off on unencrypted pages that contain forms. For instance, if you go on a website that requires you to fill in a password, credit card data or other high-risk information, the browsers will react. This should help users avoid those pages that can easily be modified by people that may want to cause you harm or snoop on you.
Up until now, you might have noticed the little "i" in a circle on the left of the address bar, marking that the browser had some information for you, including the fact that the connection isn’t as secure as one would hope for.
With the changes coming today for Firefox, the unsecured websites will be marked with a padlock icon with a red line running through it. According to screenshots from the next version of Chrome, Google has added an explicit “Not secure” label in the address bar, because it doesn’t get much clearer than that.
Plans for both companies include making it clear the pages you’re browsing aren’t secure even if the unsecured page lacks any type of forms for you to fill in. Mozilla will go on with the struck through padlock, while Google will continue with the “Not secure” message.