-Tom Lidikay

 


In a previous announcement, google announced new versions of chrome would list HTTP only sites as “unsecure” as part of their campaign to move the web to SSL encryption. In this newest announcement, Future versions of Chrome would no longer display HTTPS sites as secure, removing the green text in september of this year, and eventually removing the padlock icon as well. There is no word so far, as to whether more expensive “verified” SSL certificates will still display as they are now.

This could turn out to be a controversial move. The prevailing logic that has been laid down to users by technical staff, has been to always look for the padlock icon. An update removing this could result in many panicked user calls to their helpdesk.

My personal opinion is that this move is a mistake. Leaving a blank URL bar and only flagging insecure sites does not do enough, and opens the field for more “shenanigans” to be performed by malware packages or malicious sites. It isn’t a question about whether an exploit that can do this exists; One almost certainly does, in some capacity. All software has flaws, and any developer who insists otherwise is incredibly foolish.

Removing an extra “pass/fail” check that could tip off the user to a problem isn’t a good plan, and the motivations behind this change are dubious at best.