HTTP sites will be considered broken and insecure by default

Jan 28, 2016 18:45 GMT  ·  By

Changes are planned for future Google Chrome releases, which will potentially add a big shiny red cross in the URL bar if the website you're accessing is not using HTTPS.

Google says it is planning to add this to Chrome by the end of 2016, after one of its developers proposed the idea back in December 2014. [This statement is wrong and was based on tweets from various people affiliated with Google which have now been deleted, check the update at the end of the article.]

"The goal of this proposal is to more clearly display to users that HTTP provides no data security," said Chris Palmer in his proposal.

A UI change with enormous consequences

His plan is based on the principle that users won't consider something insecure unless a warning signals it. Until now, Google has only shown errors when there was something wrong with the encryption, not when HTTPS was lacking altogether.

By marking HTTP sites with a big red cross, Google devs are hoping to educate users about the dangers of navigating HTTP websites where they share personal details or make financial transactions.

If you're currently accessing an HTTP page where you make credit card transactions, Google won't display any type of error, even though sending financial information in cleartext is one of the dumbest and most dangerous things you can do.

According to this new plan for Chrome's UI, users should easily notice a big red X to the left of the page's URL and avoid carrying on with their transaction.

You can see the proposed UI in action right now

The proposal put forward by Mr. Palmer has already been implemented in Chrome. If you want to see a working version, you'll need Google Chrome 48. Some older versions might work as well since the indicators have been around for more than a year, but we haven't tested other versions outside v48.

In Chrome, open a new tab, type chrome://flags in the address bar and open the settings page.

Here you'll need to search for "Mark non-secure origins as non-secure" and, in that flag's drop-down, select the "Mark non-secure origins as non-secure" option instead of "Default."
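To make the "non-secure origin" idea concrete, here is an added example (not code from the article, from Google or from the Chromium project) that classifies URLs the way the indicator described above would: plain http:// and ws:// origins are non-secure, while https://, wss:// and file:// are secure, with an exception for loopback hosts (localhost, 127.0.0.0/8, [::1]). That exception follows Chromium's published "secure origin" guidance, which the same engineer authored, but the exact host list Chrome applies is treated here as an assumption. The sample URL list is constructed for the example.

```javascript
// Added example: classify a URL's origin as secure or non-secure, approximating the
// rule behind Chrome's "Mark non-secure origins as non-secure" indicator.
// Assumption: secure schemes are https/wss/file; http/ws count as secure only on
// loopback hosts (localhost, *.localhost, 127.0.0.0/8, [::1]). Chrome's exact list
// may differ between versions; this is an audit aid, not Chrome's own code.
function isSecureOrigin(rawUrl) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch (e) {
    return false; // unparseable input is never treated as secure
  }
  const scheme = url.protocol; // WHATWG URL keeps the trailing ':'
  if (scheme === 'https:' || scheme === 'wss:' || scheme === 'file:') {
    return true;
  }
  if (scheme !== 'http:' && scheme !== 'ws:') {
    return false; // unknown scheme: assume non-secure
  }
  const host = url.hostname.toLowerCase();
  if (host === 'localhost' || host.endsWith('.localhost')) return true;
  if (host === '[::1]') return true; // hostname keeps brackets for IPv6 literals
  const m = /^127\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
  if (m && m.slice(1).every((octet) => Number(octet) <= 255)) return true;
  return false;
}

// Audit a list of URLs and return the ones the indicator would flag as non-secure,
// e.g. links to a checkout or login page that still use plain HTTP.
function findNonSecure(urls) {
  return urls.filter((u) => !isSecureOrigin(u));
}

// Constructed sample input: the kind of link inventory a site owner might check.
const sampleUrls = [
  'https://example.com/checkout',
  'http://example.com/checkout',
  'http://localhost:8080/dev',
  'http://127.0.0.1/health',
  'ws://example.com/socket',
  'wss://example.com/socket',
  'not a url',
];

if (typeof require !== 'undefined' && require.main === module) {
  console.log('Would be marked non-secure:', findNonSecure(sampleUrls));
}
```

Running the script prints the plain-HTTP checkout link, the unencrypted WebSocket URL and the unparseable entry; the loopback URLs pass because a browser on the same machine never sends that traffic over the network.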

Also today, we reported on the new Security panel in Chrome's DevTools, which can be useful when debugging HTTPS websites.

UPDATE: We were contacted by Peter Kasting, one of Google's engineers on the Chromium project, who told us we're wrong. So there's no permanent change coming to Chrome by the end of 2016, and there's no timeline on this yet. We're sorry to have misled our readers, but some of today's stories break via Twitter. Sometimes you get nice teasers, sometimes you get developers talking about their wishes and desires, instead of actual implementations.

[Image: Preview of the new non-secure icon for HTTP connections]
[Image: chrome://flags setting that you need to enable for early access]