At the beginning of the year 2017, half of the web had then switched to HTTPS, at the expense of the old HTTP protocol considered to be much less secure than its predecessor. At the time, the co-founder of the Let's encrypt certification authority, Josh Aas, said: It took 20 years for 40% of Web pages to be encrypted. It's amazing to see that the 50% has been achieved in just one year. " Although this figure has increased in one year, many sites still exploit the old protocol and remain vulnerable in several situations
In fact, the HTTP protocol allows malicious users to insert trackers, advertising or software, but also to write users to the replicas of the original websites. Therefore, it is now several months since the Google Chrome browser indicates that it will highlight sites that do not use the last protocol in force.
So far, Google Chrome displayed "unsecured" only when a user uses private browsing mode or fills out a form. However, this report does not appear during the classic navigation, a point that changed to the date of July 24th. Since that date, all HTTP sites are being "unsecured", a message that is located right next to the URL of the website concerned.
Subsequently, Chrome 69 will consider that the HTTPS protocol is the norm and thus put it further forward through the green color attached to the padlock and the word "security". A simple black lock will replace the usual signal. Chrome 70 should then display the warning in red.
Hopefully this report motivates some websites to drop the HTTP. As Emily Schechter, Product Manager at Chrome Security, explained a few months ago: "We hope that these changes will continue to pave the way for an easy-to-use, safe Web, by default." HTTPS is cheaper and easier than ever, and unlocks powerful features.