Google Chrome will consider all HTTP websites as 'not secure' from today

Originally published at:

Google Chrome will start today with marking all websites that make use of non-encrypted HTTP connections as unsafe. It’s expected that measure will have effect on the majority of the 1 million most popular websites on the internet, according to internet security company CloudFlare.

I think the goal is admirable but given that some certificate authorities are issuing free certs to anyone merely owning a domain it might imply to less clued-in users that conversely all HTTPS sites are ‘secure’, not just in terms of connection (which is all it actually means, though with some CAs there is more IRL verification) but ‘secure’ as in ‘safe’ (one of its other meanings), which isn’t necessarily the case.

1 Like