latest
Chrome will nag you to stop visiting sites without HTTPS
Full-page warnings incoming for HTTP websites in Chrome 94
We may not like everything Google plans for its browser and the open web (FLOC, Manifest v3, and Chromium's dominance come to mind), but there's one thing everyone can agree on: Staying secure on the web is always important. Google and other browser makers have long been pushing webhosters and website owners to use the encrypted, more secure HTTPS standard over HTTP, and they've already managed to win more than 90% of regularly visited websites over. To get hold of the rest, Google wants to make HTTP sites an even less appealing place to visit starting in Chrome 94, slated to arrive in September.
5 changes in Google Chrome 90 you need to know about (APK Download)
Default HTTPS, improved copy-and-paste, better AR models, and more
Read update
Google has just released Chrome 90 to the stable channel. There aren't too many UI changes or new features for us regular folks on the surface, but under the hood, Google has added a whole slew of improvements that you'll certainly notice over time. You'll get enhancements to copy-and-paste, better AR models, and support for a new codec that uses less bandwidth during video conferences.
Chrome 90 gets a speed and security boost with an overdue policy change
HTTPS coming to the fast lane
After years of propping up widespread adoption of the protocol, Google will release Chrome 90 as the first version of the web browser to transmit data to and from sites using HTTPS instead of HTTP by default.
Chrome has finally reached the 80s. The browser sadly doesn't have a neon theme or play The Power of Love at startup, but maybe Google is saving that for v85. Regardless, this version has plenty of changes to go into, so let's dive in.
After a short rollout delay, Chrome 79 is now widely available on desktop and mobile platforms. That means Chrome 80 has moved up to the beta channel, and while there are a few new features, there are far more removed features. Let's dive right in!
HTTPS has largely replaced its less secure predecessor HTTP as the default choice for sending resources over the internet. The key difference between the two is that HTTPS transmits data using an encrypted connection, while data loaded over HTTP is not. Google began marking all sites still utilizing HTTP connections as 'Not Secure' with the release of Chrome 68 last year, and today, Google announced additional plans to inform users when sites utilize an insecure connection. With these latest changes, the Chrome team hopes to address the problem of mixed content.
Read update
- Google published a blog post today about the above changes, and shared some interesting statistics. The company says that 76% of Chrome traffic on Android is encrypted, up from 42% two years ago. In addition, 85% of Chrome OS traffic is secure, and 83 of the top 100 sites on the web use HTTPS by default.
HTTPS adoption has surged over the past few years, mostly thanks to the availability of free SSL/TLS certificates from Let's Encrypt. Browser vendors have also been encouraging sites to switch to HTTPS, and Google said earlier this year that Chrome would eventually mark all HTTP-only sites as 'Not Secure.'
Read update
- As pointed out by Madis in the comments, you can try out the new indicator behavior already by enabling the following Chrome flag #simplify-https-indicator.
Earlier this year, the team behind Chrome stated that all HTTP pages will be marked as 'Not secure' later on this year, in a bid to encourage even more site owners to move to the more secure HTTPS standard. We now know a little bit more about planned changes to Chrome's security indicators, including how HTTPS pages will be shown as default pages going forward.
Three years ago, Google paid $25 million for exclusive rights to the '.app' top-level web domain. At long last, the company is now opening up registrations for .app, with the Early Access Program in full swing. The general public will have to wait until May 8, but various companies have already bought over 3,000 .app domains.
The whole web is slowly marching towards HTTPS, especially since browsers like Chrome are starting to shame HTTP-only sites. After years of readers asking why we haven't already done so, I'm proud to announce that Android Police now supports HTTPS! If you're wondering what exactly that is, or why it matters, read on.
For years, HTTPS was regarded as only necessary for sites handling critical information, like bank portals. The movement for all sites to use HTTPS has gained traction over the past few years, partially thanks to the availability of free SSL/TLS certificates from Let's Encrypt, and partially thanks to browsers encouraging sites to switch. Starting with version 68, Chrome will start marking all HTTP sites as 'Not Secure.'
Google has been planning to mark all HTTP sites as non-secure in Chrome for a while now, but the company is taking baby steps to ensure users (and owners of HTTP-only sites) don't freak out. Chrome already identifies HTTP sites with password or credit card fields as "Not Secure" in the address bar, and Chrome 62 will expand that to any HTTP site with any data entry fields.
Ever noticed how your Android Downloads folder easily gets cluttered with useless files and documents that you viewed once and never needed again? This is especially true of PDF files since Chrome can't open them natively and thus hands them over to other applications, the default being Google Drive's PDF viewer. Well, I noticed a strange thing recently: sometimes PDF files would just load in Drive directly and it seemed that my phone's Downloads folder clutter wasn't getting out of hand as fast as it used to. Some investigation was in order.
Alert! Alert! If you use Instagram's Android app, complete strangers could be looking at your photos of appetizers and makeup techniques right now! ...which is kind of the point of Instagram, I suppose. But security researcher Mazin Ahmed discovered that the app uses standard HTTP to transmit photos, cookies, and authentication (including usernames and unique IDs), instead of the encrypted HTTPS protocol. As Mr. Mackie is so fond of saying, that's bad.