Chrome Changes: Encryption Notification

Google Chrome Browser Logo: Blue gradient circle with a thick white outline and a larger circle behind it with red, yellow, and green trisection coloring from top to bottom left.

Google Chrome version 56 (based on the open-source Chromium web browser) is scheduled to be released at the end of the month. One of the major user-level changes is how sites without encryption will appear. Until now there has just been a lowercase letter “i” with a circle around it — this was typically an indicator to get more information about the site. In the upcoming version this symbol will be accompanied by a “not secure” message to indicate that the site is not secure:

The difference between Chrome 53 and Chrome 56 when a non-encrypted site is visited: The circled lowercase "i" will be accompanied by "Not secure"


Google has also indicated that future versions of Chrome will continue to make sites that are not encrypted appear with a more prominent warning symbol:

In future versions of Chrome the "Not secure" indicator will be red, have a triangle exclamation mark warning icon, and be much bolder.


Imminent: Non-HTTPS Sites Labeled “Not Secure” by Chrome

Google warned about this back in September of 2016.

2016: Banner Year for Encryption

Bar graph from Let's Encrypt showing the massive 21 million additional certificates issued between the end of 2015 and the end of 2016.

The Electronic Frontier Foundation (EFF) reported that the number of websites utilizing encryption (HTTPS) to secure the traffic between the browser and the web server. For the first time since the inception of the Internet, the majority (more than half) of internet traffic was encrypted! It did not matter the size: large and small websites have been adopting secure certificates to encrypt their traffic… but why?

A number of factors played out over the past year that lead to this mass migration to encryption. Google announced it would start giving sites a small rank boost if they used encryption (that will likely get stronger as time goes on), web browsers adding visual features that make non-encrypted sites look less secure, increasing pressure from governments, businesses, and the public to secure the net, the addition of some new and advanced browser features that only work on encrypted connections, and the introduction of free programmatic (automated) secure certificates all lead to the massive adoption that occurred throughout the year.

There are still a number of countries, particularly in Asia and the Middle East, that are resisting the adoption of encryption but various organizations are already looking into how they can encourage the holdouts to join in.

Personally I see this as no different than when much of the world, especially those in the east, continued to rely on the old, out-of-date Internet Explorer versions and were eventually pressured to upgrade by Microsoft along with various other organizations through various advertisements and public service announcements (PSAs, but maybe Internet Service Announcements?). They showed just how insecure & slow older browsers are and how much risk is taken by refusing and/or blocking browser upgrades.