Chrome 68 to condemn all unencrypted sites by summer Credit: Google

Chrome 68 to condemn all unencrypted sites by summer

Google has put a July deadline on a 2016 promise that its Chrome browser would tag all websites that don't encrypt their traffic.

"Beginning in July 2018 with the release of Chrome 68, Chrome will mark all HTTP sites as 'not secure,'" wrote Emily Schechter, a Chrome security product manager, in a Feb. 8 post to a company blog.

Google has scheduled Chrome 68 to release in Stable form - analogous to production-level quality - during the week of July 22-28.

Starting then, Chrome will insert a "Not secure" label into the address bar of every website that uses HTTP connections between its servers and users. Sites that instead rely on HTTPS to encrypt the back-and-forth traffic will display their URLs normally in the address bar.

Google's campaign to call out HTTP websites as unsafe began in 2014, with the search giant ramping up the effort in September 2016, when it told users Chrome 56 would shame pages that didn't encrypt password or credit card form fields. Chrome 56 debuted in late January 2017, and immediately started to apply the "Not secure" label to pertinent pages.

The push for always-HTTPS - backed by Google and others, including Mozilla, maker of Firefox - has worked, Schechter argued. Eighty-one of the web's top 100 sites, she asserted, now used HTTPS by default, while 68% of Chrome traffic on Windows and Android (by pages) and 78% on both macOS and Chrome OS was encrypted. That was up significantly from September 2016, when Schechter said half of all Chrome desktop page loads were being served via HTTPS.

Eventually, Chrome's "Not secure" label will be accompanied by a red-for-danger icon.

chrome 68 to label insecure sites IDG/Gregg Keizer

At some point, Chrome will not only tell users that a HTTP page is "Not Secure," but will add a red-for-danger icon to emphasize the point.

Users can enable Chrome's new HTTP tagging now by typing chrome://flags in the address bar, then finding the item described as "Mark non-secure origins as non-secure." Selecting "Enable (mark with a Not Secure warning)" and relaunching Chrome replicates what Chrome 68 will display after Google sets that option as the default. Choosing "Enable (mark as actively dangerous)" displays the red icon as well.

What Google does - or doesn't - with Chrome has a huge impact on the web simply because of the browser's massive influence. In January, for instance, analytics vendor Net Applications pegged Chrome's user share at 61.4%, making it as dominant as Microsoft's Internet Explorer was in 2010, when Google's browser was just two years old.

That user share has enormous sway over all sites, a club and carrot that Google constantly wields. No site wants to give all those Chrome users the impression that it's unsafe, and to be avoided. As a result, many sites have fallen in line with Google's demand that the web go all-in on HTTPS.

IDG Insider


«How to find your motherboard's Spectre CPU fix


UA Sport Flex wireless headphone review: Made for active music lovers»
IDG Connect

IDG Connect tackles the tech stories that matter to you

Recommended for You


Latin America’s push towards digital transformation

Keri Allan looks at the latest trends and technologies


Meeting Owl brings new wisdom to conferencing

Martin Veitch's inside track on today’s tech trends


A rare glimpse inside the Chinese cybercrime underground

Phil Muncaster reports on China and beyond

Our Case Studies

IDG Connect delivers full creative solutions to meet all your demand generatlon needs. These cover the full scope of options, from customized content and lead delivery through to fully integrated campaigns.


Our Marketing Research

Our in-house analyst and editorial team create a range of insights for the global marketing community. These look at IT buying preferences, the latest soclal media trends and other zeitgeist topics.



Should the government regulate Artificial Intelligence?