At the recent Usenix Enigma security conference, Google showed off its new security indicator for sites that serve content over the HTTP protocol.
HTTP sites are unencrypted, which means that any data transferred between your browser and the target server can be intercepted by hackers or even government surveillance tools that are capable on snooping on your connection.
Parisa Tabriz, who manages Google’s security engineering team echoed the company’s sentiments in a tweet, linking to a proposal to turn on the new security indicator in Chrome by default.
Chrome already has icons in the address bar to indicate if the site you’re browsing is secured with HTTPS or if they have weak security that can’t guarantee your privacy. For standard HTTP sites, it displays a white page icon.
The idea behind the soon-to-be-introduced icon, which features a lock with a red X on it and will show for insecure sites, is that it’s important for users to know not only when they’re browsing a secure site but also know when their online activity isn’t entirely private.
The company has previously called for implementing HTTPS across the Web and also tweaked its search engine algorithm to rank secure pages higher than other results.
It’s not alone in this effort: tech heavyweights like Twitter, DuckDuckGo, Dropbox, the Electronic Frontier Foundation and Reddit are campaigning together to encourage the adoption of HTTPS as part of the Encrypt All The Things program.
Google hasn’t officially confirmed when it will introduce the new security indicator by default, but it might well arrive in the near future.
There’s already an experimental setting to turn it on (visit “chrome://flags” in Chrome, find the “Mark non-secure origins as” option and and choose “Mark non-secure origins as non-secure.”
We’ve contacted Google to learn more and will update this post when we hear back.