See that little “closed lock” icon in your web browser, right next to the URL? That means you’re browsing via HTTPS, encrypting your traffic so third parties can’t spy on most of the information you’re sending. But secure-looking HTTPS websites can still house insecure HTTP forms for you to fill in your passwords and other personal data — and Google is planning to do something about that in Chrome 86, coming this October (via 9to5Google).
Primarily, you’ll get a couple of big, bold warnings, according to Google’s official blog post. The first will look something like this:
:format(webp):no_upscale()/cdn.vox-cdn.com/uploads/chorus_asset/file/21765780/Screen_Shot_2020_08_13_at_4.34.37_PM.png)
And if you try to submit your information anyway, you’ll get a second “are you sure?”-style warning:
:format(webp):no_upscale()/cdn.vox-cdn.com/uploads/chorus_asset/file/21765782/Screen_Shot_2020_08_13_at_4.37.25_PM.png)
Google’s also disabling autofill on these so-called “mixed forms,” so the fact that your password managers and auto-complete keyboards don’t automatically drop in the text should be a third form of warning.
Google previously tried to alert users to this issue by removing the lock icon when it detected an HTTP form, but the company says “users found this experience unclear and it did not effectively communicate the risks associated with submitting data in insecure forms.”
To which I say: no kidding. Tell me the truth: when I asked you to look at the lock icon at the top of this post, how long had it been since the last time you’d bothered to do so?
Chrome also added DNS-over-HTTPS in Chrome 83, which you can read a little more about here.
