Standard HTTP communications provide absolutely no data security. Anyone can analyze packets sent over HTTP using easily-available tools like Wireshark to obtain passwords, credit card numbers, and other sensitive data in cleartext. The HTTPS protocol makes up for this lack of security by layering itself on top of the secure SSL/TLS cryptographic protocol. HTTPS is already used by many sites that handle sensitive information such as PayPal and Gmail. However, most of the internet still operates over HTTP, and Google Chrome hopes to change that.
The Chrome Security Team has proposed that browsers gradually start marking all HTTP traffic as non-secure. All popular web browsers [...]