Chrome now alerts you to unsecured HTTP sites

Google really wants to developers to update their websites.

Chrome has already taken numerous measures to inform users if they're on an unencrypted HTTP website, but starting today it's going one step further, with version 68 of the browser displaying a warning whenever you visit an insecure site. Instead of a green padlock and the word "secure" in the address bar, as you'll see on a HTTPS site, you'll see the words "not secure." Click on it and you'll get a warning advising against entering any sensitive information on the site, as it could be stolen by hackers.

Google Chrome HTTP warning

In most cases, the alert will serve as an indication that the website needs to update its credentials, rather than a warning that someone is trying to do something sinister with your information. Nonetheless, proceed with caution if you do decide to input sensitive data on these sites. Interactions with HTTP sites are broadcast unencrypted across the globe, and can be interfered with to insert ads, malicious software and trackers, or to redirect you to fake websites where passwords can be intercepted.

HTTPS sites, on the other hand, are more secure, although adoption has been slow. While upgrading is easier now making the change can still mean a lot of work for administrators, so Chrome's backlash against HTTP has caused irritation in some circles. Josh Aas, executive director of Let's Encrypt, told CNET that "Some people just don't want to do the work to secure their site, and at the same time they don't want the fact that it's not secure to be communicated to their visitors."

Nonetheless, Chrome plans to persevere with its HTTPS agenda. By Chrome 69, due in September, secure sites will simply display a black lock icon, instead of the green padlock and word "secure", emphasizing the fact that HTTPS sites should be the norm. Come Chrome 70 in October, the "not secure" warning on HTTP sites will change from black to a more noticeable red.

Future Google Chrome warnings