Chrome 56: HTTP sites marked as not secure

[Batu69]

Google announced plans today to increase the pressure on sites not yet offering their content over secure https connections.

Starting with Chrome 56 Stable, out January 2017, the company plans to list some HTTP sites as not secure in the browser.

 

Chrome uses a neutral listing for non HTTPs sites currently. All sites, HTTP and HTTPS sites with mixed content, fall into that category.

Starting with Chrome 56, some of those sites may be listed as not secure in the browser instead.

 

Any non-HTTPS page -- and mixed content pages fall into that category -- with a password field or credit card form fields will be marked as not secure in Chrome 56.

Google's plans don't end there though. The company plans to extend the warning to all non-HTTPS sites in the browser's Incognito Mode, and later on to all non-HTTPS sites displayed in the browser.

 

The indicator's color remains gray for the time being during that transition phase.

 

 

In the end, all HTTP pages are shown as not secure with a red exclamation mark and text in the browser's address bar.

 

 

Some sites or pages benefit more from others. While it makes sense to enforce HTTPS usage on financial sites and sites that deal with personal information, others may not benefit from it nearly as much.

 

There are valid arguments against enforcing HTTPS on all Internet sites. They range from increased handshake times to making it harder for users to publish sites on the Internet. Previously, all you had to do was create a HTML page and publish it. With HTTPS being enforced, you need to find a way to get a certificate for your site.

 

This has gotten easier and cheaper thankfully thanks to Lets Encrypt. It still means that you have to understand how to generate a certificate for your site and spend time understanding the process.

 

It seems a given that the web is moving towards HTTPS, and that HTTP or mixed content HTTPS sites will have an outlaw status one day.

You are probably wondering what we have planned in regards to HTTPS. I'm testing the implementation on two test URLs and the backend currently. Getting mixed content warnings because of the newsletter form currently but that seems to be the only issue right now.

 

You can check out one of the test pages here. Note that it shows up fine right now, but that is because the newsletter sign-up won't work on that page.

 

Article source

[steven36]

Lol what a joke, a article posted from a non https site on too a non https site. about all sites buying https  It's easy for a multi billion dollar company  who got rich from ads  like Google  to try to dictate the internet . But thing is Https is expensive for  webmasters  to buy . Without http sites over half the internet would not exist at all and since Google is not offering to foot the bill and pay for everyone too do it ,  I dont look for most sites to  change too it anytime soon . I'm all for them changing to https  but I'm not going pay for them to do it and nether is none of the browser vendors  Like Google, Mozilla or Microsoft  etc. .

[Kalju]

https does nothing or no one in any way safer and more protected. This is only one  method of extortion.

People are slowly beginning to realize that the viruses stories are fairy tales and pure deception, now the need for new methods of extortion. This is one of them.