Google hopes that the warnings it sends to Chrome browser users will encourage websites to move to the secure HTTP protocol.
Google plans to introduce a warning system to alert users about potential security risks when they visit websites that do not use the HTTPS protocol.
Starting in 2015, users of Google?s Chrome browser who visit an HTTP site will receive an alert that the site may not be fully secure. Initial alerts will simply mark a non-HTTPS site as having ?Dubious? security but at a future date, Chrome will start labeling such sites as ?Non-secure."
Google Chrome Browser to Warn Users of Sites That Don't Use HTTPS
=====
Marking HTTP As Non-Secure
Proposal
We, the Chrome Security Team, propose that user agents (UAs) gradually change their UX to display non-secure origins as affirmatively non-secure. We intend to devise and begin deploying a transition plan for Chrome in 2015.
The goal of this proposal is to more clearly display to users that HTTP provides no data security.
Request
We?d like to hear everyone?s thoughts on this proposal, and to discuss with the web community about how different transition plans might serve users.
Background
We all need data communication on the web to be secure (private, authenticated, untampered). When there is no data security, the UA should explicitly display that, so users can make informed decisions about how to interact with an origin.
Roughly speaking, there are three basic transport layer security states for web origins:
Secure (valid HTTPS, other origins like (*, localhost, *));
Dubious (valid HTTPS but with mixed passive resources, valid HTTPS with minor TLS errors); and
Non-secure (broken HTTPS, HTTP).
Marking HTTP As Non-Secure - The Chromium Projects