As Sony Pictures has learned the hard way, cybersecurity is extremely important in the digital age. Business owner, governments and everyday consumers are becoming more concerned about potential security threats from websites that are insecure. To make it easier for consumers to identify potential risks, a proposal by the Chrome Security Team would mark sites that don’t use HTTPS as “Non-Secure”.
Google has been actively promoting HTTPS adoption for much of the past year. To show how serious they are about promoting a more secure web, Google has even announced that they would give an SEO boost to sites that were using HTTPS protocols. This proposed change would go a step farther and would effectively penalize sites that don’t have HTTPS. Many consumers would probably skip over a link that was marked as “Non-Secure.”
“We, the Chrome Security Team, propose that user agents (UAs) gradually change their UX to display non-secure origins as affirmatively non-secure,” the team wrote in a proposal on the Chromium Project. We intend to devise and begin deploying a transition plan for Chrome in 2015. The goal of this proposal is to more clearly display to users that HTTP provides no data security.”
At this point, the team is only in the discussion phase and are asking members of the Chromium community to share their input on the proposal. As most people have a shared interest in a secure web, it’s unlikely that the Chrome Security Team will get much pushback on the proposal.
“We all need data communication on the web to be secure (private, authenticated, untampered). When there is no data security, the UA should explicitly display that, so users can make informed decisions about how to interact with an origin,” wrote the team to explain the background of the proposal.
This change is somewhat nuanced but still represents a big change that webmaster and business owners should take note of. The first thing to note is that this change will only affect Chrome browsers (and vicariously, anyone using a Chromebook). This is a huge deal for website owners because, as of November 2014, more than 48 percent of US consumers use Google Chrome.
For people using Google on a different browser like Internet Explorer, Firefox or Safari, HTTP links won’t be marked as insecure. However, Google still intends to give an SEO boost to HTTPS sites, so even if there’s no marking on other browsers, it’s worth it for businesses to make the change.
This new proposal to mark HTTP sites as “Non-Secure” on Google Chrome should change the way webmasters think about win to make the switch. Making the switch definitely takes time and effort, but if sites will be penalized on nearly half the browsers in the US, there’s really not much choice.
As was stated before, this is just a proposal, so there’s no guarantee that these changes will be implemented. However, regardless of the outcome on this particular proposal, business owners and webmasters should see that the writing is on the wall in regards to making the HTTP to HTTPS switch. This is something you will need to do in 2015.