Google plans to mark all HTTP pages “insecure” to warn users about data security and privacy issues, according to Chromium.org.
As part of the open-source Chromium Projects, the initiative will affect Chrome starting in January. It`s meant to encourage all website owners to switch to HTTPS by default.
“We all need data communication on the web to be secure (private, authenticated, untampered),” Google`s team said. “When there is no data security, the UA should explicitly display that, so users can make informed decisions about how to interact with an origin.”
The Google team suggests browsers define three basic states of security:
Also, they recommend “a phased approach to marking non-secure origins as non-secure.”
“For example, a UA vendor might decide that in the medium term, they will represent non-secure origins in the same way that they represent Dubious origins. Then, in the long term, the vendor might decide to represent non-secure origins in the same way that they represent Bad origins,” the team wrote.
The Chromium projects include Chromium and Chromium OS, two open-source platforms aiming to provide a safer way for people to use the web.