Google Chrome will start tagging all http pages as “not protected” with the release of Chrome 68 in July 2018

After 5 months, the current version of the world's most popular browser will add the text " Not secure" in the address bar of all pages that do not open via https. Details and poll under the cut.

Google Security Blog has posted news about the next stage of forcing the transition to https. Let's remember the two previous stages. You can also read about them on the official site of the Chromium project.

In January 2017, a warning appeared on all pages with the input of a password or card number. About it there were posts on Habré and Geektimes .

From October 2017, a warning appears when entering data already on any page margins , as well as for all pages opened in incognito mode. Post on Geektimes .

And from July 2018 absolutely all http pages will be marked as "not protected". You can already see what your http site will look like for visitors - just open it in incognito mode (Ctrl + Shift + N).

Example - http://example.com/

The final stage (until announced when) will be such a red icon.

One of Google’s main arguments in support of this policy is Let's Encrypt . Let's Encrypt (by the way, one of the Linux Foundation projects) issues free TLS certificates for use in production. You can get it either manually at https://www.sslforfree.com/ , or automate the verification and re-release process thanks to the open ACME protocol. CertBot (which is being developed by Electronic Frontier Foundation (EFF) ) is among the many client implementations for various web servers and environments that the client officially recommends. From the good news - on February 27, 2018 they will start issuing wildcard certificates, which were expected by very many.

I also add that the Chromium project also offers to see how the browser reacts to certain problems with https on a special site https://badssl.com .