Google announced this week that it will remove the green security indicator in its Chrome web browser by the end of 2018. Instead, it will now only call out those websites that are insecure.
“HTTPS usage on the web has taken off as we’ve evolved Chrome security indicators,” Google’s Emily Schechter explains. So “we [will] mark all HTTP pages as definitively ‘not secure’ and remove secure indicators for HTTPS pages.”
Sign up for our new free newsletter to get three time-saving tips each Friday — and get free copies of Paul Thurrott's Windows 11 and Windows 10 Field Guides (normally $9.99) as a special welcome gift!
"*" indicates required fields
If it’s not clear, the security indicator is the green or red badge that sits to the left of the Chrome address bar when you load a web page. A green indicator means that the site is “secure,” or delivered over HTTPS. A red indicator is insecure and delivered over HTTP.
As Google notes, users should expect the web to be safe, but I’m not sure that removing the green secure indicator is that smart. Color-coding for each site seems to work just fine. But they’re getting rid of the green bit.
Fortunately, they’re doing so over time. Starting with Chrome version 69, due in September, the security indicator will lose the green color and “Secure” text; you’ll just see a locked lock indicator. Then, in Chrome 70, that locked lock graphic will disappear too. And Chrome 70 will display a red “not secure” warning on HTTP pages.
skane2600
<p>I think potentially there could be lawsuits. https doesn't guarantee security and http doesn't guarantee a site is insecure. Labeling a site as insecure that isn't could be interpreted as abusing Google's relative monopoly status.</p><p><br></p>
dontbe evil
<blockquote><a href="#277224"><em>In reply to skane2600:</em></a></blockquote><p><br></p><p><span style="color: rgb(0, 0, 0); background-color: transparent;">no surprise, is scroogle… "don't be evil"</span></p>
skane2600
<blockquote><a href="#277959"><em>In reply to behindmyscreen:</em></a></blockquote><p>If you define "secure" solely as https, you're correct, but one can also take a broader definition that includes things like not allowing anyone to determine your browsing location through DNS, not allowing a web site to know your IP address etc.</p><p><br></p><p>The only relevant traffic to a static site is going to be the URL of the site (that https can't hide) and the data returned from that site. I suppose someone could go to a lot of trouble to trick you into going to another static site, but it's not clear what the benefit would be. </p><p><br></p><p>In any case secure == https is a technical classification and not something that a typical user would understand (and the fact that Google would use either the word "Secure" or "not secure" rather than having https or http "speak for itself" is proof that Google understands that). It could be reasonably construed as an indication that the site is infected. Thus the potential damage to the owner of the site. </p>
dontbe evil
<blockquote><a href="#277247"><em>In reply to MikeGalos:</em></a></blockquote><p><br></p><p>no surprise, is scroogle… "don't be evil"</p>