Google has driven a crusade against elements that make the web insecure and dangerous. Knowing that not all users might realize or want to make efforts to change their bad security practices, Google tries to enforce security ultimately using Chrome as a carrot and administrator of its website. Over the years, have encouraged HTTPS as the only way for websites to serve content, but it hasn’t been 100% successful. Now it announces the upcoming features and changes in the Chrome browser that will handle Holdout HTTPS while still allowing users to decide their own destiny with their own risk.
Google says that more than 90% of pages are loaded in Chrome already use HTTPS, but it cannot be denied that there are still hundreds that are not. Chrome currently shows which pages use https and are not, but it’s pretty much. If the user does not pay attention to the signs, they will not soon be aware of the dangers hiding in the corner.
In Chrome 94, due in September, Google will test the HTTPS-first mode mode option that will try to load all pages as HTTPS. More important details about this mode are that Chrome will display a full page warning if the page cannot be upgraded to HTTPS, allowing users to decide whether they want to risk continuing or not. Mode will be optional, but Google might make it default if the feature receives enough positive feedback.
The HTTPS page can still be a little mystery for some people. They might assume that a site can be trusted just because it provides content through HTTPS when, in fact, it’s just a connection between browsers and servers that can be considered safe. It does not help Chrome using the key icon to show HTTPS connections, advance misunderstandings.
Google will experiment with the indicator, starting with Chrome 93. Instead of the key, it will only display the arrow pointing down which can be clicked by the user to verify that the connection is safe. The page loaded using HTTP will still get a “unsafe” label to show the fact clearly. Google hopes it will reduce confusion, although it can use a different implementation if the experiment does not work as expected.