To Secure or Not to Secure
Starting next year (Oct. 2026), Chrome will be changing its default setting for accessing websites. It will begin asking users for permission before connecting to anything not using HTTPS. So what does that mean, exactly?
HTTP stands for hypertext transfer protocol, and it is the very marrow of the skeletal frame of the internet. It was developed in 1989 at CERN by Tim Berners-Lee and his team. They are collectively also responsible for HTML (hypertext markup language) and the associated technologies that made the web what it is. At the time of its invention, HTTP was only able to perform a single command: GET. ‘Go retrieve that file from over there’. It’s the foundation of search engines. Every query has an inherent GET command, and HTML is still utilized today, although user fluency isn’t what it used to be (do you know how to italicize/bold/underscore text via keystroke?).
At its core, HTTP performs a simple task. It transfers information between networked devices and runs in conjunction with other functions of the network protocol stack. For instance, I frequently refer to my OpenCTI dashboard. This is a server I’m accessing remotely from my work computer. The connection is running on HTTP. When you run a search for something – on desktop; mobile search engines express differently for space saving reasons – the listed results will have a hyperlink ‘headline’, and above it will be an icon, the name of the site and its specific internet address. Take a look sometime at what is in front of that. It will either be http or https.
Sidenote: websites that do not have http(s) or www in front of their address are configured so that they go to their domain directly. Weather[.]com is an example; clicking goes directly to that site without the need for http or www.
So why the shift to HTTPS? That ‘S’ stands for secure. Unencrypted data is subject to any number of vulnerabilities, as is evidenced by the entire existence of information/cyber security as an industry. HTTPS adds a layer of encryption to any transferred data or location, usually Transport Layer Security (TLS) or Secure Sockets Layer (SSL). This protocol requires authentication from the host site, and gives some protection regarding the privacy of the client accessing it. It’s certainly not invulnerable, but it is a way of knowing at a glance if a site is as safe as possible. In my work as an analyst, I have come across cases where the HTTPS traffic was perfectly fine and legitimate, and the HTTP was not.
And that, in a nutshell, is why Chrome is initiating this change. Secure transfers are safer. Requiring user permission puts the onus of responsibility on that user for any risk in visiting a site without that layer.
Posted on LinkedIn, 10/29/25













