Chrome Will Start Marking HTTP Sites In Incognito Mode As Non-Secure In October

Reader Krystalo writes: Google today announced the second step in its plan to mark all HTTP sites as non-secure in Chrome. Starting in October 2017, Chrome will mark HTTP sites with entered data and HTTP sites in Incognito mode as non-secure. With the release of Chrome 56 in January 2017, Google's browser started marking HTTP pages that collect passwords or credit cards as "Not Secure" in the address bar. Since then, Google has seen a 23 percent reduction in the fraction of navigations to HTTP pages with password or credit card forms on Chrome for desktop. Chrome 62 (we're currently on Chrome 58) will take this to the next level.

Re:Do I really want to know

[Afty0r]

How they know this?

From all the browsing activity conducted through Google Chrome by people who have agreed to let them use anonymised browsing data for statistical purposes.

Re:good

The cert expires after 3 months, not the key. I use Let's Encrypt with key pinning and have had the same key pinned for over a year. The verification of domains by Let's Encrypt is similar to that of other CAs. A cert means control over a domain, nothing more.