HTTPS: Google puts unsecured websites ahead of their responsibilities

#Security 06.05.2018 2min Last update : 10.25.2020

HTTPS. Hypertext Transfer Protocol Secure. For several years now, Google has been dedicated to increasing the use of HTTPS technology to make the web more secure. By the end of 2018, sites that fail to adopt HTTPS will be marked as ‘unsecure’ by the US tech giant.

Initially, HTTPS was largely used by banks to ensure online translations were secure. But the technology has since become much more widespread. Around 70% of webpages use HTTPS connections these days, compared to 40% in July 2015, says Google.

But for a site to benefit from HTTPS, its owner needs to be in possession of an SSL/TLS certificate – a tool which safeguards the site and can be identified by the ‘HTTPS’ in the address bar. Clicking on the green padlock icon in the address bar will then display the certificate details, including the website owner’s company name.

Securing online communications

Thanks to HTTPS, web users can rest assured that the site they are using is really the one whose address is displayed. Moreover, any data sent and received is encrypted, so it can only be read by the visitor and the site itself.

As far as Google is concerned, HTTPS needs to become the norm. And the firm has been taking steps over the past few years to ensure this is the case. Since 2014, it has improved the way websites with HTTPS appear in its search results.

Unsecure sites under fire from Google

Google wants users to be able to expect that the internet is secure by default. In light of this, the company will stop marking HTTPS sites as secure from version 68 (July 2018) of its browser.

From September 2018 and version 69 of Chrome, the word ‘secure’ will disappear from HTTPS sites. The little green padlock that explicitly highlights secure sites will also go. On top of that, HTTP sites will be marked as ‘unsecure’, which will be highlighted in red from October 2018 and version 70 of Chrome.

So, the way unsecure sites are marked will change. “Previously, HTTP usage was too high to mark all HTTP pages with a strong red warning,” the California company stated on its blog.