Starting with Chrome 68, Google put all non-HTTPS sites in a negative category called “Not Secure.” Sites carrying this warning label, Google says, are vulnerable to snooping by others. Without its characteristic padlock, Chrome no longer considers any web page safe enough.
This is especially true when you want to share login and payment information. The actual problem occurs when the site is labeled “Dangerous” with a huge red sign. That should make it completely off-limits for any kind of browsing.
Ever since the new SSL standards were enforced by Chrome, it left end users confused. Many are not sure if they want to totally avoid the flagged web pages. Even a site like ESPN is carrying the “not secure” badge at the moment. It somehow feels like overreach if you visit such a site frequently.
How to Remove the Error? Prefix the Web Pages with https
Chrome’s solution for removing the error is to simply prefix “https” in the address bar. That should, theoretically, force the web server to redirect to a secure SSL connection. However, it does not always really work. This is because several leading websites have not bothered implementing the new protocol. From an end user perspective, visiting the site might not offer any risk at all.
The truth is that just because there is a “not secure” badge does not always mean that the site is actually insecure. See the section on “informed risk” for more.
How to Force Web Pages to Enforce SSL
With an extension called KB SSL Enforcer, it is possible to force the web pages to redirect the user to SSL. In most cases along with avoiding seeing the warning, you can also surf more securely under SSL protocol.
The new SSL rules only have to be enforced as shown below. Again, it may not work with all websites because they might not have any provision to redirect their HTTP pages to HTTPS.
Taking an Informed Risk
If you want to proceed with caution regardless of the “Not Secure” error, just take an informed risk and surf without worries. While it’s good to have Google looking out for you, not all web administrators are out there to steal your information.
If you simply want to know whether the website is good enough for casual surfing, there is a web tool called Whynopadlock.com that gives you the entire picture. In the above example a chat site is shown to be passing SSL connection but may have an outdated TLS program. Not all sites need to enforce HTTPS for actual security.
There are many advantages of SSL websites. They not only encrypt your browsing information from third parties but also ISPs that can only look at the main page. A “Not Secure” warning really is reassuring for a regular surfer, especially when payments are involved.
In genuine cases it could seriously mean the site has been compromised. No one likes it when “other people are able to see or change the information you send or receive through a site.”
However, at the moment, it still does not mean that HTTP sites are always unsafe. At the end of the day, it is a matter of choice and you must use discretion.