October 28, 2025

No HTTPS, no entry?

Article URL →HN comments →

Chrome to warn on unencrypted HTTP by default

Chrome adds 'warning sign' on unsafe sites — cheers, shrugs, and a Linux mystery

TLDR: Starting October 2026, Chrome will warn before loading any site without encryption, nudging the web to safer habits. Commenters split between “already happens,” fears of future hard blocks, and a quirky chart showing Linux lagging; testers shared http://http.rip as the go-to link for trying it.

Google just dropped a big safety play: starting October 2026, Chrome will warn you before loading any site without encryption. That’s tech-speak for “old-school HTTP” vs “locked-down HTTPS,” and the community instantly lit up. One camp is rolling their eyes with a collective “been there.” As one user put it, “Doesn’t it already do this?” Others flexed their test links, pointing to http://http.rip and even mourning the day http://neverssl.com went… secure. The mood? A mix of “finally,” “meh,” and “what took so long.”

But the drama’s bubbling: a doom-tinged comment asked if “cannot connect” is next, sparking fears that soft warnings could become hard blocks. Meanwhile, power users argued they still keep a couple HTTP pages alive to trigger network login pages (those hotel Wi‑Fi splash screens that don’t always appear on secure sites), hinting at real-world friction ahead.

Then there’s the chart tea. The data shows Linux trailing at ~80% encryption usage while Mac, Android, and Windows hover around ~95%, cueing conspiracy theories and memes. Is Linux living in the vintage web, or just visiting dusty archives? Another commenter shrugged that non-secure sites are basically internet fossils—newsrooms from 2007 and blogs from 2011. The vibe: the web’s mostly locked down, but Chrome’s about to make the last 5% very loud.

Key Points

  • Starting October 2026 with Chrome 154, “Always Use Secure Connections” will be enabled by default.
  • Chrome will prompt users before first access to any public site without HTTPS and show a bypassable warning if HTTPS is unavailable.
  • The change addresses risks where attackers can hijack HTTP navigations to deliver malicious content.
  • The opt-in setting launched in 2022 attempted HTTPS first; the default change makes this protection standard for all users.
  • Google’s HTTPS Transparency Report shows adoption rose from ~30–45% in 2015 to ~95–99% by 2020, enabling stronger mitigations now.

Hottest takes

"Doesn't it already do this?" — drusepth
"cannot connect" is next ? — mistrial9
"Why is Linux adoption at 80% when MacOS/Android/Windows are at 95%? Quite unexpected." — dist-epoch

Save News

Made with <3 by @siedrix and @shesho from CDMX. Powered by Forge&Hive.
Chrome to warn on unencrypted HTTP by default - Weaving News | Weaving News