Google has confirmed that it is to extend its crusade against unencrypted web traffic by prominently displaying a warning icon in the Chrome address bar when a connection is not encrypted.
Advertising giant Google is gung-ho about encryption on the 'net. The company runs its own fork of the OpenSSL cryptographic library, BoringSSL
, and in August 2014 announced a programme to encourage the adoption of TLS encryption
by giving encrypted sites a boost to their search rankings over unencrypted equivalents. Now, the company is taking things a step further: adding a new icon to the Chrome address bar, a red cross over a padlock, to indicate that a connection is unencrypted.
Presently, Chrome - along with most browsers - only shows a padlock icon when the connection is encrypted with TLS or SSL. The icon is modified in a variety of ways depending on the connection - green for verified certificates, with a warning cross if some content is loaded without encryption or if there is a problem with the certificate - but for connections which do not use encryption no icon is displayed at all. The change will see the padlock icon constantly visible, with an obvious warning cross overlaid for all unencrypted connections.
The change, as with most things developed for Chrome, will begin with the open-source Chromium browser on which it is based, and goes back to a proposal for a transition plan for deployment in 2015
. Now, it's time to make the shift: Vice
reports from the Usenix Enigma security conference, held this week in San Fransico, that Google has everything ready to run and will be making an announcement on the go-live date for the shift soon. Thus far, none of the company's rivals have indicated whether or not they will follow suit in their own browsers.