March 16, 2018

Google Chrome to mark all HTTP sites as insecure from July 2018

Ross Ross Gerring

There are two types of websites: HTTP and HTTPS

The ‘S’ signifies that the data being exchanged between the site (where it’s hosted) and the people (or robots) interacting with the site is encrypted. If it is encrypted, then it’s safe from prying eyes, malicious or otherwise.

An image hosting how Google Chrome will mark HTTP sites as not secure from July 2018

Let’s take the example of when you fill out a ‘Contact Us’ form on an HTTP website. When you click ‘Send’, this information is being transmitted across the internet, in plain text, between your device and a web server. Arguably, this level of privacy – or lack thereof – isn’t a huge deal for the information you might provide on a ‘Contact Us’ form. But privacy becomes much more of a huge deal when more sensitive/confidential information is being exchanged. Like medical records, financial information, and suchlike.

Where to draw the line between what’s confidential and what’s not? What should be encrypted and what doesn’t need to be? There’s no single answer, because clearly there’s a lot of room for subjectivity.

Solution: encrypt everything, just to be sure. Encourage ALL websites to be HTTPS and not HTTP.

The good news is that Google, using its Chrome browser, is doing just this, from July 2018. If your site isn’t on HTTPS from July 2018, then Chrome will clearly mark it as “Not secure”.

Itomic hosts multiple websites. We will be working with our hosting clients to ensure that all the sites we host are HTTPS by July 2018.

Further reading: