How to Deal with the “Not Secure” Warning on Google Chrome

Featured Not Secure Lock for Chrome

Starting with Chrome 68, Google put all non-HTTPS sites in a negative category called “Not Secure.” Sites carrying this warning label, Google says, are vulnerable to snooping by others. Without its characteristic padlock, Chrome no longer considers any web page safe enough.

This is especially true when you want to share login and payment information. The actual problem occurs when the site is labeled “Dangerous” with a huge red sign. That should make it completely off-limits for any kind of browsing.

google-info-page-not-secure-sites

Ever since the new SSL standards were enforced by Chrome, it left end users confused. Many are not sure if they want to totally avoid the flagged web pages. Even a site like ESPN is carrying the “not secure” badge at the moment. It somehow feels like overreach if you visit such a site frequently.

ESPN not secure warning

Chrome’s solution for removing the error is to simply prefix “https” in the address bar. That should, theoretically, force the web server to redirect to a secure SSL connection. However, it does not always really work. This is because several leading websites have not bothered implementing the new protocol. From an end user perspective, visiting the site might not offer any risk at all.

time-not-secure-error

The truth is that just because there is a “not secure” badge does not always mean that the site is actually insecure. See the section on “informed risk” for more.

With an extension called KB SSL Enforcer, it is possible to force the web pages to redirect the user to SSL. In most cases along with avoiding seeing the warning, you can also surf more securely under SSL protocol.

kb-ssl-enforcer-official-website

The new SSL rules only have to be enforced as shown below. Again, it may not work with all websites because they might not have any provision to redirect their HTTP pages to HTTPS.

kb-ssl-enforcer-test

If you want to proceed with caution regardless of the “Not Secure” error, just take an informed risk and surf without worries. While it’s good to have Google looking out for you, not all web administrators are out there to steal your information.

Let’s face it. These are regular HTTP web pages that have always been around, and it might be safer than what Google says. Technical reasons for SSL errors include expired SSL certificates, errors in images, CSS, JavaScript and other errors, mismatched TLS and so on.

whynopadlock-test

If you simply want to know whether the website is good enough for casual surfing, there is a web tool called Whynopadlock.com that gives you the entire picture. In the above example a chat site is shown to be passing SSL connection but may have an outdated TLS program. Not all sites need to enforce HTTPS for actual security.

There are many advantages of SSL websites. They not only encrypt your browsing information from third parties but also ISPs that can only look at the main page. A “Not Secure” warning really is reassuring for a regular surfer, especially when payments are involved.

In genuine cases it could seriously mean the site has been compromised. No one likes it when “other people are able to see or change the information you send or receive through a site.”

However, at the moment, it still does not mean that HTTP sites are always unsafe. At the end of the day, it is a matter of choice and you must use discretion.

8 comments

  1. “How to Remove the Error? Prefix the Web Pages with https”
    Unfortunately there still are many reputable sites that will not load with the “https” prefix. Just because a site is not listed on Google’s Safe Browsing servers, does not mean it is unsafe. Besides, if I wish to engage in “unprotected” browsing, who is Google to stop me?! What’s next? Google forcing everybody to use only Google Search to the exclusion of all other search engines?

    • “Unfortunately there still are many reputable sites that will not load with the “https” prefix. Just because a site is not listed on Google’s Safe Browsing servers, does not mean it is unsafe. ”

      Well, I said the same thing. Glad we’re seeing together on this :)

      I’m probably the biggest internet privacy advocate this side of the Bosporus Strait. Heh heh.

        • I don’t live in Turkey. It’s a metaphorical example of “East versus West”. As a backpacker similar to that movie EuroTrip (2002), I had some of the most memorable moments in Istanbul.

          Thank you for your interest in chatting but this place should only be for a discussion on this article topic. You are welcome to add me on my Twitter account.

          Glad to be of help.

  2. This recommended app “KB SSL Enforcer” also has access to all your data and far too many “Permissions!”
    Who are you going to trust?

    • “Who are you going to trust?”
      If you use the Internet, you should not trust anybody on it. Or any app, for that matter.

  3. @ Brian

    “This recommended app “KB SSL Enforcer” also has access to all your data and far too many “Permissions!”

    That is not how SSL/TLS enforcer extensions work. KB extension enforces SSL encryption on the website BEFORE you will enter your data or proceed to a new page.

    If there are any unencrypted requests after that, blame it on the domain, not the extension.

    Also I don’t see too many permissions. Just see the screenshot. Click the enforce button and if the site supports SSL (TLS), then all subsequent requests should be sent over SSL.

Leave a Comment

Yeah! You've decided to leave a comment. That's fantastic! Check out our comment policy here. Let's have a personal and meaningful conversation.

Sponsored Stories