Tuesday, 3 August 2021

Google Chrome is making a small but vital change in how it keeps you secure

Google is planning to remove the lock icon from the address bar in Chrome when users visit secure sites with HTTPS enabled.

The company has long been a proponent of HTTPS and back in 2014, it even made the protocol one of its ranking factors so that sites still using HTTP would rank lower in its search results.

For those unfamiliar, HTTP (Hypertext Transfer Protocol) is a protocol that enables browsers to send and receive responses from web hosting servers. HTTPS (Hypertext Transfer Protocol Secure) works the same way but uses TLS/SSL encryption to secure both requests and responses as opposed to sending them in plaintext.

Now that more than 90 percent of all browser connections in Chrome use an HTTPS connection according to the “HTTPS encryption on the web” section of Google's Transparency Report, the company is planning to only alert users when a site isn't using HTTPS.

Connection security indicators

Currently when you visit a site using HTTPS in Google Chrome you'll see a lock icon in the address bar and when you visit a site still using HTTP you'll see an icon depicting an exclamation mark in a triangle with the words “Not secure” next to it.

Google is currently in the process of testing a new feature that removes the lock icon for sites using HTTPS and users running either Chrome 93 Beta or Chrome 94 Canary builds can test it out for themselves by enabling the “Omnibox Updated connection security indicators” flag.

Once enabled, Chrome will only display security indicators for sites using HTTP. However, businesses can continue to have HTTPS security indicators shown to their employees by enabling an enterprise policy in Chrome 93 called “LockIconInAddressBarEnabled”.

While Google is still in the process of testing out this feature, it will likely arrive in a stable version of Chrome later this year at which point users will no longer see the lock icon when visiting sites that use HTTPS to secure their connections.

Via Bleeping Computer

https://ift.tt/3jzP775

No comments:

Post a Comment