j-mailor

Chrome is "preparing" to start displaying HTTP sites as non-secure

Discussion created by j-mailor on Dec 21, 2014
Latest reply on Jan 4, 2015 by tamer rabee

Reading the computer news I red this info: Chrome Security Team, propose that user agents (UAs) gradually change their UX to display non-secure origins as affirmatively non-secure. More: Marking HTTP As Non-Secure - The Chromium Projects

 

If we think it more deeply we have become such a used to http to be displayed as white browser address bar that we can't really see that http is non-secure. Browsers do the following:

a) http site white address bar,

b) https site without extended certificate validation (the same color in Firefox, except of adding a padlock that no-one really notice it),

c) self-signed certificates web sites get big red alert or yellow alert in case of Firefox.

Isn't this strange? I think b) is million times safer then a) and in many cases c) can be million times safer then a) too.

 

We need to know that major population of web users are non-computer literate users. They get white address bar: everything is cool and secure. They get red: something suspicious is going on, but I have no clue what is going on, I will just click on OK, because I just want to see web page.

 

 

There is one major question that I get reading article is: Is Google (with Chrome project) trying to change the web from http to httpS in major scale?

Outcomes