Upcoming versions of Google’s Chrome will kill off some of browser’s security signposting, with HTTPS sites no longer marked as “secure” in the address bar.
In a blogpost, Chrome security product manager Emily Schechter announced that Chrome 69, which is due to roll out in September, will change the way it flags up the security of websites. Currently, Chrome displays a small padlock icon and the word “Secure” to the left of a website’s URL. With the update, Chrome will only signpost if a site is “Not secure”.
Google already announced in February that, from July, Chrome will mark all HTTP sites as “Not secure”. That move was described by the company at the time as a way to advocate that sites adopt HTTPS encryption.
As the company explains, the removal of the “Secure” mark is part of Google’s efforts to remove “Chrome’s positive security indicators so that the default unmarked state is secure”. Things will then be taken a step further in October with the release of Chrome 70, when the browser will begin to flash a red “Not secure” warning as soon as a user begins to enter data on HTTP pages.
Whether or not removing the “Secure” indicator will change people’s online habits remains to be seen. Schechter says “users should expect that the web is safe by default”, so it looks to be an effort by Google to pare back the amount of information Chrome flashes in front of its users.