The Beginning of the End for Unsecured Websites

Chrome looks to be the first browser that is going to call a spade a spade. Starting in July 2018, Chrome will list all websites that aren’t utilizing HTTPS as unsecured:

For the past several years, we’ve moved toward a more secure web by strongly advocating that sites adopt HTTPS encryption. And within the last year, we’ve also helped users understand that HTTP sites are not secure by gradually marking a larger subset of HTTP pages as “not secure”. Beginning in July 2018 with the release of Chrome 68, Chrome will mark all HTTP sites as “not secure”.

I think Let’s Encrypt was the catalyst that made this decision possible. Before Let’s Encrypt was released, acquiring and managing TLS certificates could be a painful experience. What made matters worse is that the entire process had to be redone whenever the acquired TLS certificates expired. Let’s Encrypt turned that oftentimes annoying and expensive process into an easy command. This made it feasible for even amateur website administrators to implement HTTPS.

The Internet is slowly moving to a more secure model. HTTPS not only prevents third parties from seeing your web traffic but, maybe even more importantly, it also prevents third parties from altering your web traffic.