Chrome users may begin seeing an annoying but important new warning as they browse the internet this week. Starting today, Chrome will show “not secure” website warnings to alert users when they’re visiting an unencrypted website. The feature is part of the latest version of Chrome, 68.
Now, when you visit an “HTTP” (Hypertext Transfer Protocol) website instead of an “HTTPS” site—its secure, encrypted alternative—Chrome will place a “not secure” warning to the left of the domain name. When you tap this warning for more information, it explains that you should not enter sensitive information on the site such as credit card numbers or passwords. Because the information transmitted on the site isn’t encrypted, it’s open to being stolen by attackers. HTTPS sites are accompanied by a green padlock icon.
This “not secure” warning is merely a warning. It’s not an indicator that the site you’re visiting has actually been compromised in any way.
Chrome announced it would be making this change back in February, but it’s finally rolling out today.
The number of sites that show this warning should be getting fewer and fewer. On Android and Windows, 68 percent of Chrome traffic is now protected by HTTPS. On Chrome OS and Mac devices, 78 percent of traffic is protected. A majority of the web’s most popular websites also use HTTPS these days (81 of the top 100 sites, as of February).
Right now, Google is slowly trying to condition users that HTTPS is the norm for the internet. Its first step is by highlighting HTTP with these “not secure” warnings in Chrome 68, but in Chrome 69 in September, it will replace the green padlock icon next to HTTPS sites with a black lock. At a further date down the line, Chrome will eliminate that lock icon for HTTPS altogether.