Google expects HTTPS to become the default which means it is moving Chrome toward showing only negative security indicators.
While the change will happen in the fall, it won’t really affect the browsing experience. Users will still be able to browse non-HTTPS websites as earlier. The idea behind the initiative is to let users know their personal information is at a higher risk of getting into the wrong hands while browsing non-HTTPS sites.
Google also shared the following statistics regarding web traffic.
1. Over 68 percent of Chrome traffic on both Android and Windows is now protected
2. Over 78 percent of Chrome traffic on both Chrome OS and Mac is now protected
3. 81 of the top 100 sites on the web use HTTPS by default
“Users should expect that the web is safe by default, and they’ll be warned when there’s an issue. Since we’ll soon start marking all HTTP pages as “not secure”, we’ll step towards removing Chrome’s positive security indicators so that the default unmarked state is secure. Chrome will roll this out over time, starting by removing the “Secure” wording and HTTPS scheme in September 2018 (Chrome 69),” said Emily Schechter, product manager for Chrome Security in a post.
In Chrome 69, HTTPS sites will no longer sport the green lock and designation “Secure” before the URL in the address bar. Instead, it will just show a grey lock icon. The final goal is to drop the lock icon as well, showing just the URL without any particular markings if the site is using HTTPS.
Another change going out with Chrome 70 (scheduled to be released in October 2018): Google will start showing the red “Not secure” warning when users enter data on HTTP pages.