HTTPS, or the secure version of the ubiquitous Hyper Text Transfer Protocol, can’t solve every problem when it comes to online security. As far as preventative measures go, however, it’s relatively cheap to implement and serves as a strong baseline before tackling other, more difficult issues.
That’s why, starting in July 2018, Google will start labeling all sites still using unencrypted HTTP as “not secure” on version 48 of Chrome. Hopefully, this sort of tagging will inform users about how sites they visit operate, while also putting a bigger burden on websites owners to switch over.
Right now, Google says, 68 percent of Chrome traffic on Android and Windows is protected, while that number rises to 78 percent on Chrome OS and Mac, with 81 of the top 100 sites on the web using HTTPS by default.
However, there are still a number of major sites like BBC.com, Alibaba.com, and IMDB.com that still don’t use HTTPS. But what could be an even bigger problem for these sites is that, in addition to security concerns, Google also uses HTTPS as a ranking metric for search. That means that by continuing to hang on to HTTP, those sites should be getting less traffic directed their way than they otherwise would, which presumably has an effect on the site’s revenue.
Labeling sites using HTTP not secure is something Mozilla has also toyed around with, too, after it implemented a similar approach to sites using HTTP in Firefox Nightly version 59 back in December.