Although Parisa Tabriz, the head of Chrome security at Google, and her team are responsible for determining the data security of websites that Chrome users visit, there has only been an inscrutable icon in place thus far. That icon has had the functionality of signalling encrypted and unencrypted websites a Chrome user decides to visit.
The unprotected sites are a potential data security threat, since a hacker can sniff any password you are entering into a website that does not encrypt its traffic. In fact, most modern browsers share a tendency to be a bit lacking when it comes to warning their users about a website’s lack of security.
Chrome is going to start publicly shaming websites that do not have strong encryption in place, displaying a big red “not secure” warning next to the website’s address bar in the browser.
According to Tabriz, if a website in question does not use the HTTPS protocol, its users can have no expectation that the website has not been tampered with.
Unencrypted websites that accept usernames, passwords, or credit card information will now be marked as “not secure”. In the years to come, Chrome aims to expand their database of websites that are not adhering to the latest HTTPS standards.
Certain web admins may not be that fond of the upcoming changes, since implementing HTTPS is not as simple as flipping a switch. However, John Aas, founder of Let’s Encrypt, believes this is a small price to pay in exchange for the data security benefits the new changes will bring.