Google Will Soon Call Out Websites for Not Being Secure

NEW YORK — Google wants to make the Internet safer, and it won’t be shy about pointing fingers at sites that don’t meet its standards.

In an announcement published to the Google Security Blog on Thursday, the search giant said users of its Chrome browser will be warned when accessing non-secure websites, starting January 2017.

Users won’t be blocked from accessing non-secure sites, but they will be alerted when visiting an address that doesn’t use an encrypted connection.

Websites with a “HTTPS” added before the URL indicate an added level of security to normal web browsing, compared to visiting a non-secure “HTTP” connection. This guarantees users are reaching the website they intend to visit, and the extra security protects them against hackers.

“When you load a website over HTTP, someone else on the network can look at or modify the site before it gets to you,” Google explained in the statement.

Currently, the search engine indicates that HTTPS — note the “s” on the end — connections are secure with a green lock icon (broken HTTPS connections feature a red lock). However, Google does not currently flag HTTP connections as unsafe, though users can click on the information tab on HTTP sites to learn more about the connection.

The next-generation version of Chrome, called Chrome 56, will start to mark HTTP connections as “not secure.”

“Studies show that users do not perceive the lack of a ‘secure’ icon as a warning, but also that users become blind to warnings that occur too frequently,” Google explains.

To avoid warning fatigue, Google will roll out its warnings gradually, eventually alerting users in Chrome’s Incognito mode — which doesn’t store users’ search histories — that HTTP connections are not secure with a flashier image.

Google said “more than half of Chrome desktop page loads are now served over a secure network.” But only one-third of the top 100 non-Google sites use a secure connection as its default.

Only a handful of sites have switched from HTTP to HTTPS this year.

Emily Schechter, Product Manager for Chrome Security, told CNNMoney only a handful of sites have switched to a secure connection this year.

“We have seen an additional 12 sites move to HTTPS by default [since March],” she said.

Google hinted at the move years ago and reiterated the plan in January 2016. The announcement comes months ahead of the move to allow developers and sites enough time to migrate from to HTTPS before the change kicks in, Schechter explained. Switching over from HTTP won’t affect sites’ search rankings.

Google is not alone in pushing for an encrypted Internet. In 2015, the White House announced that all federal websites must use a secure connection by the end of this year.

The Internet Security Research Group’s Let’s Encrypt initiative helped 3.8 million sites move to a secure connection, according to a Wired report.