Google will remove the green padlock
In the new version 70 of the Chrome browser that is scheduled for October this year, Google has announced that they will remove the green padlock marking of secure sites.
This is done because SSL certificates are easy to use and available for all, and secure HTTPS is now more or less the standard for websites and users now expect that sites are secure.
Google says on their Chromium blog on May 17th that earlier the HTTP usage was too high to mark unsecured sites in an efficient way. Therefore Google chose to mark secure sites with the green padlock.
This has now changed and HTTPS sites by far outnumber HTTP sites.
The green padlock will be replaced by a 'Not secure' warning when the user enters data in a form on a non-HTTPS site.
So there will be no warning for a non-secure HTTP site until the user starts to interact by filling in a form. Since all the SSL encryption does is to encrypt data transfers from forms, this means that the warning will appear where and when it's needed.
When you start to fill out a form on a non-HTTPS site, there will be a red warning sign where the green padlock now used to be.
Chrome will roll this change out over time.
In the current Chrome 67 version, HTTPS sites are marked with a green padlock.
In Chrome 69, planned for September this year, secure sites will be marked with a grey padlock.
For Chrome 70 the secure marking will completely disappear.
In February Google stated on their Google Security Blog that this change will appear already in Chrome version 68 that is planned for July this year.
But whatever the timeframe will be, the padlock is going away.
This does not mean that we should forget to install SSL on our sites. We should be as thorough as before on this matter. But the only page or post that users will be warned about non-HTTPS is where an interaction takes place.
Sources:
Google Chromium Blog
Google Security Blog
Recent Comments
81
Who made the https? If it is Google it sees that the padlock secure is just a redundancy of what they really meant.
The SSL encryption protocol was introduced by Netscape in 1994 so this is not a Google invention. But Google has over the past year been a pusher of making encryption of personal and sensitive information on websites a standard which is a good thing.
For normal non-interactive pages or posts, there is no need for SSL and there has never actually been a need for that.
It is only where any interaction takes place, where you send your information in a form to a recipient, that encryption of that information is needed.
Best guess is it will be treated as an HTTP site. So you will probably get the warning label on siterubix sites.
They will be treated as HTTP, and will show no warning except for pages and posts with forms.
Is it actually any change from what the situation is today on free siterubix?
No SSL is available, so there is no green padlock, and a big insecure warning if you are unlucky.
No changes are needed, and we don't need to do anything else than what we already do.
The only change that may happen is that SSL will be installed by default and we don't have to switch it on. But I have no idea if that is something that is in the plans of the WA-crew.
See more comments
This is good to know
thank you!
Thank you for reading