Chrome 68 "Not secure" How to make it in red color?

Question

Chrome 68 new security feature

I absolutely love the new feature which is showing:

on all non-HTTPS sites as of Chrome version 68.

Though, I would like it in red color for my mother to see clearly whether she is shopping on an at least communication secured site.

Do I have such option somewhere?

24.8k39 gold badges126 silver badges180 bronze badges

asked Jul 25, 2018 at 5:30

9

Give the continued pervasiveness of non-HTTPS sites, don’t you fear that the high false-positive rate will numb your non-tech-y mother, training her to ignore the warning sign? Imagine every intersection had “STOP” signs. People would learn quickly to ignore them (this is altogether non-hypothetical).

2018-07-25 15:36:56 +00:00

Commented Jul 25, 2018 at 15:36
It would be nice if it could be yellow instead of red. While I am of the opinion that "if it's on the wire it should be encrypted", a non-https site isn't automatically insecure, it's just not encrypted. If you're doing nothing but looking at stuff then you're not risking anything.

2018-07-25 15:41:31 +00:00

Commented Jul 25, 2018 at 15:41
@KonradRudolph I told her literally, don't buy anything on the "red" shops and don't enter any sensitive information there, otherwise their Ok for weather forecasting and such normal things.

2018-07-25 15:47:53 +00:00

Commented Jul 25, 2018 at 15:47
@Petro: If that were true, every major browser wouldn't be moving towards this model! You're still vulnerable to injection attacks from your gateway or ISP over http, never mind other users of the same network. ISP-level injection in particular happens a lot on some networks.

2018-07-26 12:47:50 +00:00

Commented Jul 26, 2018 at 12:47

Give the continued pervasiveness of non-HTTPS sites, don’t you fear that the high false-positive rate will numb your non-tech-y mother, training her to ignore the warning sign? Imagine every intersection had “STOP” signs. People would learn quickly to ignore them (this is altogether non-hypothetical).
It would be nice if it could be yellow instead of red. While I am of the opinion that "if it's on the wire it should be encrypted", a non-https site isn't automatically insecure, it's just not encrypted. If you're doing nothing but looking at stuff then you're not risking anything.
@KonradRudolph I told her literally, don't buy anything on the "red" shops and don't enter any sensitive information there, otherwise their Ok for weather forecasting and such normal things.
@Petro: If that were true, every major browser wouldn't be moving towards this model! You're still vulnerable to injection attacks from your gateway or ISP over http, never mind other users of the same network. ISP-level injection in particular happens a lot on some networks.

Answer 1

The result being all non-HTTPS pages in red color:

Access internal settings:

chrome://flags/

Look for:

Mark non-secure origins as non-secure

or use this direct link (thanks to Baptiste Candellier):

chrome://flags#enable-mark-http-as

And set it to:

Enabled (mark as actively dangerous)

Warning: Upgrading to Chrome 68 deleted all my cookies and messed up some extensions. Make a backup of your profile if you care and want to try this feature.