Google first warned of the changes back in September. They are now published to the latest Chrome Beta release and will be launched publicly with Chrome 56. According to Google, the new classification of HTTP websites will help users to stay secure online.
HTTP is the “classic” web protocol used to connect different devices together. It doesn’t offer any security, transmitting data in plain text. While most modern reputable sites use the secure version of the protocol, HTTPS, some still offer login forms and even purchase gateways that aren’t protected. Google will now notify users when this is the case, making it evident that HTTPS is not in use and no data is being encrypted.
Chrome will detect when a webpage contains a password https://9to5google.com/2016/12/08/chrome-56-beta-features/ t=_blank]or credit card input field. If HTTPS is not being used, a “Not Secure” warning will be placed in the address bar, where the green “secure” padlock would be for an HTTPS site. Previously, HTTP pages had a neutral grey icon. This will continue to be used on sites which do not collect sensitive information.
“To help users browse safely, Chrome indicates connection security with an icon in the address bar,” said Google. “Historically, Chrome has not explicitly labelled HTTP connections as non-secure. Starting in version 56, Chrome will mark HTTP pages that collect passwords or credit cards as non-secure, as part of a long-term plan to mark all HTTP sites as non-secure.”
Recently, HTTPS adoption has begun to accelerate, spreading across the Internet and keeping data private. Around two thirds of page loads made by desktop Chrome users on Windows, Mac and Linux are now made securely, according to Google’s latest HTTPS Transparency Report. Besides encouraging protocol adoption, Google also wants to educate people on the risks of insecure connections. The new “Not Secure” marker will help people to consciously appreciate they’re about to enter their credit card number into a webpage that offers no security.
Chrome 56 also includes a few new features that extend the functionality offered by websites. Google has expanded on the Web Bluetooth API to enable developers to access the Bluetooth Low Energy modules in compatible Android devices. Websites can connect to Bluetooth accessories in “just a few lines” of code, letting them engage with printers and LED displays.
Google has also added support for the Remote Playback API that allows webpages to control the media playing on smart TVs and home speaker systems. There’s additional compatibility with Physical Web beacon devices and WebVR headsets too. It all combines to create a richer online experience. The update should launch publicly in early January.
