Google Chrome: removal of Secure and HTTPS indicators
The Google Chrome web browser displays a "secure" indicator in green in the browser's address bar when you open a site that supports the HTTPS protocol. For sites with extended certificates, Chrome displays the company name instead, and the protocol https: is displayed in green as well.
A new blog post on the Chromium blog reveals that Google plans to change how the Google Chrome browser indicates secure and non secure websites to the user.
Chrome, and pretty much any browser out there, displays positive indicators right now when you connect to sites and services that support HTTPS.
If a site uses HTTPS, the user is informed about that. Chrome displays the secure indicator, a lock icon, and color codes the indicators in green to highlight that the connection to the site is secure.
Google plans to turn things around completely in the near future. The company plans to omit positive indicators in the future and instead highlight non secure connections to the user.
The company proposed the following timeline:
- July 2018 -- Google Chrome will display all HTTP sites as "not secure".
- September 2018 -- Chrome won't display the "secure" indicator anymore when you connect to HTTPS sites in the browser. Chrome won't display the HTTPS scheme either anymore.
- October 2018 -- Chrome displays a red "not secure" notification in the address bar when users enter data on sites that use HTTP.
- Eventually -- Chrome won't show the lock icon anymore as well.
Google's reasoning behind removing secure connection indicators in Chrome is that "users should expect that the web is safe by default". Since more and more sites and services are secure, as HTTPS migration is at an all-time high and advancing rapidly, the company decided to highlight non secure connections to the user instead only in the near future.
The lock icon will be displayed for the foreseeable future. Google did not set an end date for the removal of the lock icon yet.
The removal of all indicators for secure connections in Chrome is a massive change. Google did not reveal if it plans to inform users about the change, for instance, by displaying information after the update of Chrome to version 69 of the browser.
Secure indicators have been part of the Web for a long time and the removal of the protocol scheme hides information from the user. While you could say that the information is not needed anymore, as you can simply assume that a site uses HTTPS because Chrome does not display "not secure" in the address bar, it is probably the case that some users would like to see the indicator regardless.
Now You: What's your take on the change?