Google is taking serious steps towards ensuring that user data and sensitive information moving through the internet is secure and is protected from attacks. Taking a giant stride towards achieving this goal, Google has announced that starting in January 2017, its Chrome browser will start flagging some websites that don’t use web encryption as “Not Secure”. Some, because the company isn’t going to rule out all unencrypted websites just yet, but plans to start off with HTTP sites that ask users for login information like passwords or credit cards. These sites will be flagged as “Not secure” in the Chrome address bar.
For those who may not be aware, the traditional HTTP (Hypertext Transfer Protocol) protocol still used by many sites is unencrypted, meaning anyone with the ability to spy on the connection can steal passwords, private messages, or other sensitive information. However, the HTTPS (Hypertext Transfer Protocol Secure) protocol adds an extra layer of protection against attacks and also ensures that the user is really connecting to the right site and not an imposter one.
Google is not the only big player on the web pushing for more HTTPS, Mozilla and Apple have both indicated that they want more web encryption. The US government has also issued an order that all government agencies in the US should use HTTPS web encryption (for .gov sites) by default before December 2016.
With Google cutting the rope on unencrypted sites with plans to rank encrypted sites higher than unencrypted ones in Search results, more websites are likely to switch to the more secure HTTPS protocol before the end of 2017.