When you visit a website using Google Chrome, you might see a “Not Secure” label in the address bar at the top of the browser. But don’t panic: This doesn’t mean what it sounds like.
You have not been hacked or infected with malware. So, if you see this warning and think you’ve been attacked or compromised in some way, you can take a deep breath before we proceed.
Now, here’s what that warning does mean.
“Not Secure” Means “Not Encrypted”
This “Not Secure” label is a simple warning that the website you’re visiting is using HTTP instead of HTTPS (a.k.a. “secure HTTP”). HTTP was the primary protocol used for internet connections until the last few years. In fact, nothing about your internet security has changed whatsoever: HTTP websites have the same level of security that they have always had.
The only difference now is that Google Chrome started automatically issuing this “Not Secure” warning on HTTP websites because HTTP is not encrypted (whereas HTTPS is). It’s Google’s way of telling you to proceed with caution.
When Does the “Not Secure” Warning Matter?
This warning is only relevant to websites that deal with confidential data—for example, sites that require you to log in with a username and password, or e-commerce sites that ask for your credit card information.
However, for average websites that see a modest amount of traffic and don’t deal with sensitive data, HTTP is still perfectly fine. The only time this “Not Secure” warning should give you pause is when you’re making an online purchase or inputting personal information. Data you send to an HTTP website is not protected by encryption, so you should think twice about sharing it.
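For site owners, the same rule can be turned into a check. The following is an added example, not code from Chrome or from the original article: it scans a page's HTML for password or payment-card fields and reports any whose page or form target uses plain HTTP. The hostnames, the sample HTML, the names `FormAudit` and `audit`, and the choice of which input types count as sensitive are all assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Assumption: which fields count as "confidential data" for this check.
SENSITIVE_TYPES = {"password"}
SENSITIVE_AUTOCOMPLETE = {"cc-number", "cc-csc", "cc-exp",
                          "current-password", "new-password"}

class FormAudit(HTMLParser):
    """Collects sensitive inputs that would be sent or served over HTTP."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []      # (field name, submit URL, "page" | "action")
        self._target = None     # resolved submit URL of the open <form>

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "form":
            # A missing or empty action submits back to the page's own URL.
            self._target = urljoin(self.page_url, a.get("action", ""))
            return
        if tag != "input":
            return
        sensitive = (a.get("type", "").lower() in SENSITIVE_TYPES or
                     a.get("autocomplete", "").lower() in SENSITIVE_AUTOCOMPLETE)
        if not sensitive:
            return
        target = self._target or self.page_url
        page_plain = urlparse(self.page_url).scheme == "http"
        target_plain = urlparse(target).scheme == "http"
        if page_plain or target_plain:
            reason = "page" if page_plain else "action"
            self.findings.append((a.get("name") or a.get("type"), target, reason))

    def handle_endtag(self, tag):
        if tag == "form":
            self._target = None

def audit(page_url, html):
    parser = FormAudit(page_url)
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample pages (not taken from any real site).
SAMPLE_LOGIN = ('<form action="/session" method="post"><input name="user">'
                '<input type="password" name="pw"></form>')
SAMPLE_MIXED = ('<form action="http://pay.example/charge">'
                '<input autocomplete="cc-number" name="card"></form>')
SAMPLE_SEARCH = '<form action="/search"><input type="search" name="q"></form>'
```

The second sample shows a case the address bar alone does not reveal: an HTTPS page whose form still submits the card number to an HTTP address.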
What’s the Big Deal About Encryption?
When you visit a website, your browser sends data to that website’s server. Encryption is an added layer of security that prevents malicious parties from spying on the data that’s being sent.
Think of your data as physical mail. Visiting an HTTP website is like mailing something in a standard envelope, while visiting an HTTPS website is like using an opaque security envelope. Security envelopes have a dark pattern printed on the inside so their contents can’t be read when they’re held up to the light. Similarly, encrypted data can’t be read by a party that hasn’t been authorized to receive it. It keeps people from spying or eavesdropping on your data.
The lack of encryption in HTTP is why many major websites have transitioned to HTTPS, which does provide encryption. You’ll notice that popular websites like Facebook.com, Google.com, and Amazon.com don’t show a “Not Secure” warning when you visit them. This is because they’re using the HTTPS protocol to protect your confidential login and payment information.
For general websites, though, the distinction between HTTP and HTTPS matters little. As long as you’re not signing in with a password or inputting private account numbers, you don’t have to worry about whether or not the website provides encryption.
So, now that you know what this warning in Chrome means, you can browse with confidence—and without fear!