
Chrome will soon mark unencrypted sites with a big, red X

Google is going to start pointing out web pages that aren’t encrypted as part of its aggressive and ongoing campaign to improve browser security.

Almost the entire Web is built on HTTP, or the Hypertext Transfer Protocol. It’s basically the language that browsers and web pages speak to each other. HTTP is great for a lot of reasons, and its wide adoption is a boon for compatibility, but it’s inherently insecure.

In fact, it’s remarkably easy to intercept traffic to and from unsecured HTTP servers, which is why HTTPS was introduced. As the secure version of HTTP, HTTPS encrypts data sent to and from users, protecting it with an SSL certificate. SSL as a security layer is basically unbreakable, although there are rumors the NSA and British Surveillance have their own methods, and security certificates are sometimes improperly issued, a problem that put Google in conflict with Symantec last year.

Chrome distinguishes HTTP from HTTPS pages using an icon to the left of the URL, where the favicon (for example, the tiny Digital Trends logo on this tab) changes based on the security settings of the current page. A standard, unencrypted site is marked by a white page icon, while a secure site is marked with a green padlock. If a page claims it’s secure, but Chrome spots issues with its implementation, the padlock will be marked with a red X. Clicking the icon in any case will bring up more info on the site.

Soon, sites that are unencrypted will be marked with a padlock and X icon, just like the poorly secured sites. The idea was actually proposed as part of an addition to the Chromium project, but now it appears it will be implemented in the standard version of Chrome as well. It was shown off as a feature during a presentation at the Usenix Enigma security conference.

When this change will make its way into the public version of the browser remains to be seen. It can be enabled in an advanced settings tab by navigating to “chrome://flags” and selecting “mark non-secure origins as non-secure,” a setting that’s simultaneously self-explanatory and confusing.

The move might seem extreme to some, but it’s important to protect your data everywhere on the Internet, not just on sites with passwords or sensitive information. The move towards a completely secure Web is one that everyone is going to benefit from, and if any company can make it happen, it’s Google.

Brad Bourque
Former Digital Trends Contributor