The BBC has reported that Google is proposing to warn people their data is can be at risk when visiting websites which do not use the “HTTPS” system.

Many sites have adopted the secure version of the basic web protocol to help safeguard data.

The proposal was made by the Google developers working on the search firm’s Chrome browser.

Causing Confusion?

Security experts broadly welcomed the proposal but said it could cause confusion initially.

The proposal to mark HTTP connections as non-secure was made in a message posted to the Chrome development website by Google engineers working on the firm’s A Warning About Data Risksbrowser.

If implemented, the developers wrote, the change would mean that a warning would pop-up when people visited a site that used only HTTP to notify them that such a connection “provides no data security”.

How Does This Work?

HTTPS uses well-established cryptographic systems to scramble data as it travels from a user’s computer to a website and back again.

The team said warnings were needed because it was known that cyber thieves and government agencies were abusing insecure connections to steal data or spy on people.

Rik Ferguson, a senior analyst at security firm Trend Micro, said warning people when they were using an insecure connection was “a good idea“.

“People seem to make the assumption that communications such as HTTP and email are private to a degree when exactly the opposite is the case,” he said.

Letting people know when their connection to a website is insecure could drive sites to adopt more secure protocols, he said.

A Major Shift is Needed

Currently only about 33% of websites use HTTPS, according to statistics gathered by the Trustworthy Internet Movement which monitors the way sites use more secure browsing technologies.

The Google proposal was also floated on discussion boards for other browsers and received guarded support from the Mozilla team behind the Firefox browser and those involved with Opera.

Many large websites and services, including Twitter, Yahoo, Facebook and GMail, already use HTTPS by default.

For more on this story, please visit – http://www.bbc.co.uk/news/technology-30505970