Google Will Soon Let You Know By Default When Websites Are Unencrypted

An anonymous reader writes: Permanent changes are planned for future Google Chrome releases, which will add a big shiny red cross in the URL bar if the website you're accessing is not using HTTPS. Google says it is planning to add this to Chrome by the end of 2016, after one of its developers proposed the idea back in December 2014. Many have argued that the web is predominantly unencrypted, so they're displaying a persistent and ambiguous error message for a large portion of the Internet. Since unencrypted content is not an error state, the Chrome team should use alternate iconography, because the default error message this will just confuse average people, and it will encourage error blindness.

Re:Wait...

[XanC]

What we've learned is that not all HTTPS are created equal. There could be insecure ciphers, mixed content, insecure signatures, vulnerabilities, what have you. Just looking for the "s" isn't enough. It's a very good thing that the browsers, which can look at all the factors, are giving better hints about whether a connection is trustworthy.

Re:Wait...

[JesseMcDonald]

So we used to have a simple system, see http:/// on the URL bar, or see https:/// on the bar.

Only http:/// is hidden, so users can still look for https:///. In fact, the difference is even more obvious than before: instead of just one missing letter, the entire protocol field indicates whether the connection is encrypted.