HTTPS is rather more secure than what HTTP is. Because it creates a relative secure tunnel between the client and host. But HTTPS does not mean 100% secure, it's easy to be hacked by MITM or traffic been spied.
I think that getting rid of HTTP should not be shamed in that way. But google is planning on doing this thing.
Just as someone said, MITM attackers can switch google ads to others, and I think this is the reason why Google wants to shame those sites who use Google Ads and not use HTTPS. Google can make an increasing revenue by this act.
And yet HTTP2 is out, will google shame those sites who only support HTTP1.0/HTTP1.1 ? I don't think so. Because this has almost nothing to do with revenue for Google.
> But HTTPS does not mean 100% secure, it's easy to be hacked by MITM or traffic been spied.
I don't know what properties you think HTTPS lacks here, but no, HTTPS doesn't allow "easy" MITM or eavesdropping. If you want to break HTTPS, you either need to compromise an endpoint, or pressure an accepted certificate authority to risk destroying their entire business by issuing a fraudulent certificate.
I think that getting rid of HTTP should not be shamed in that way. But google is planning on doing this thing.
Just as someone said, MITM attackers can switch google ads to others, and I think this is the reason why Google wants to shame those sites who use Google Ads and not use HTTPS. Google can make an increasing revenue by this act.
And yet HTTP2 is out, will google shame those sites who only support HTTP1.0/HTTP1.1 ? I don't think so. Because this has almost nothing to do with revenue for Google.