See that little “locked lock” icon in your web browser, right next to the URL? That means you are browsing through HTTPS, encrypting your traffic so that third parties cannot spy on most of the information you send. But safe-search HTTPS websites may still be hosted uncertain HTTP forms for you to enter your passwords and other personal information – and Google plans to do something about that in Chrome 86, next October (via 9to5Google).
Primarily, you get a few big, bold warnings, according to Google’s official blog post. The first will look like this:
:format(webp):no_upscale()/cdn.vox-cdn.com/uploads/chorus_asset/file/21765780/Screen_Shot_2020_08_13_at_4.34.37_PM.png)
And if you still try to pass on your information, you get a second “are you sure?” – style warning:
:format(webp):no_upscale()/cdn.vox-cdn.com/uploads/chorus_asset/file/21765782/Screen_Shot_2020_08_13_at_4.37.25_PM.png)
Google also disables autofill on these so-called “mixed forms”, so the fact that your password managers and auto-complete keyboards do not automatically fall into the text should be a third form of warning.
Google previously tried to alert users to this problem by removing the lock icon when it detected an HTTP form, but the company says “users found this experience unclear and communicated the risks associated with submitting it. data in insecure forms ineffective. ”
Who did I say: no kidding. Tell me the truth: when I asked you to look at the lock icon at the top of this post, how long has it been since you last pleaded this?
Chrome also added DNS-over-HTTPS in Chrome 83, which you can read a little more about here.
