All the tinfoil hat theories apart, the web can be a scary place. It is now easier than ever for anyone to gain unauthorized access to your data. Which is why it is of utmost importance that most data, if not all, is transmitted over secure HTTPS channels. Google Chrome has been on the forefront on the war against insecure websites that do not employ HTTPS and actively made an attempt to warn users that their data will be at risk.
We first saw notifications that stated that the page was “not secure” in Chrome 56, but it was restricted only to pages that stored passwords, payment information, and other such sensitive data. As a follow up to the initiative, Chrome 68 will display all non-HTTPS sites as "not secure". Similarly, all pages launched in Incognito mode were labeled the same.
How will this affect your browsing experience?
Short answer; it won't. You'll still be able to browse non-HTTPS websites as earlier. The idea behind the initiative is to let users know that their personal information is at a higher risk of getting into the wrong hands while browsing non-HTTPS sites.
“For the past several years, we’ve moved toward a more secure web by strongly advocating for HTTPS encryption, and helped users to understand that HTTP sites are not secure. Developers transitioning their sites to HTTPS have made the web safer for everyone.” Google said in a blog post.
Will this affect websites that do not employ HTTPS?
Yes, websites that do not use HTTPS might witness a potential dip in traffic, as a yellow triangle with "not secure" plastered next to it has the potential to scare away some of the more paranoid users. But, it is a good thing in the long run as it will incentivize more developers to use HTTPS on their websites.
Honestly, there’s no reason developers shouldn’t adopt it. It’s cheaper and easier than ever before. Undertakings such as Let’s Encrypt and Google’s SSL for Google App Engine makes it a lot easier for HTTPS to be implemented. There are also tools like Lighthouse, which identifies website resources that are ready to be upgraded to HTTPS.
That being said, even HTTPS isn't one hundred percent waterproof, as demonstrated by the Heartbleed exploit from some time ago. however, it is a step in the right direction to ensure a more secure browsing experience for everyone.
