Skip to main content

Google Wants Websites to Declare Themselves Unsafe

Hypertext transfer protocol (HTTP) is so common that most users type it into a URL without thinking about what it actually means. While HTTP is useful for navigating the Web, it's also a ridiculously insecure system, unencrypted and prone to intrusion. As such, Google is considering a radical proposal: Ask all HTTP websites to declare themselves non-secure, encouraging developers to use a secure, encrypted HTTPS alternative instead.

The information comes from The Chromium Projects website, which tracks the progress of Chromium, the open-source underpinnings of Chrome. Changes in Chromium are often reflected in its consumer-oriented counterpart, and vice versa, but Chromium usually pioneers new options and features. Google's proposal aims to show everyday users that HTTP is, generally speaking, not a safe way to browse the Web.

MORE: 100+ Tech Gift Ideas for the Holidays

If adopted, Google's proposal would see Web developers voluntarily implementing up to three site classifications: Secure (fully functional HTTPS systems), Dubious (functional HTTPS with authentication errors) and Non-secure (standard HTTP, and HTTPS with outdated protocols). Chrome (or other browsers) would not necessarily prevent users from accessing these sites, but would let users know that such sites are generally not places to transmit sensitive information due to the possibility of third-party incursions.

While this measure is currently only a proposal, it could have a major impact on the way people browse the Web if adopted. As Google points out, "people do not generally perceive the absence of a warning sign."

Unless a website is actively malicious, most users will not see it as potentially unsafe. More developers adopting HTTPS might help prevent future data breaches in addition to lowering the amount of everyday cybercrime.

Interested developers can add their voice to the discussion on the Chromium forums, and may help determine whether or not Google goes ahead with its plan. From a security perspective, transitioning the Web to HTTPS makes sense, but it's possible that not every website owner has the resources to do so.

Marshall Honorof is a Staff Writer for Tom's Guide. Contact him at mhonorof@tomsguide.com. Follow him @marshallhonorof. Follow us @tomsguide, on Facebook and on Google+.