I think it's fine they are doing it, but success will depend on how they go about it.
For example, they should probably start by changing only the link's icon to show it's insecure - as they propose, perhaps making it yellow instead of white. Then after a year more they could show that icon in red. After another year, they could give a light pop-up warning, and after a year more, they could put an aggressive malware-like (hey, it's not too far from the truth when NSA and GCHQ are firehosing and datamining all plain-text connections...) red pop-up warning that says the connection is insecure.
Then after a year more, they could even grey out or take out the "continue" button, and only provide a small link instead, so most people run away from that site.
I think 5 years (2020) is a reasonable time period to get to that point. If 7 years after the Snowden revelations we don't even have most of the Internet secured with HTTPS, then we really suck and deserve the totalitarian regimes coming at us (it won't be just the 5 Eyes doing mass spying in 2020).
Besides, it's not what the users think that matters, it's what the web developers do knowing that in 2 years their site will have an insecure red icon and in 3 years it will have a pop-up warning, and in 5 years users will essentially be driven away from their site. Even if 90 percent of the traffic keeps clicking through the warnings, can they live knowing their site shows that to the users? So this is a battle for convincing web developers, not users, that they should be securing their sites.
For example, they should probably start by changing only the link's icon to show it's insecure - as they propose, perhaps making it yellow instead of white. Then after a year more they could show that icon in red. After another year, they could give a light pop-up warning, and after a year more, they could put an aggressive malware-like (hey, it's not too far from the truth when NSA and GCHQ are firehosing and datamining all plain-text connections...) red pop-up warning that says the connection is insecure.
Then after a year more, they could even grey out or take out the "continue" button, and only provide a small link instead, so most people run away from that site.
I think 5 years (2020) is a reasonable time period to get to that point. If 7 years after the Snowden revelations we don't even have most of the Internet secured with HTTPS, then we really suck and deserve the totalitarian regimes coming at us (it won't be just the 5 Eyes doing mass spying in 2020).
Besides, it's not what the users think that matters, it's what the web developers do knowing that in 2 years their site will have an insecure red icon and in 3 years it will have a pop-up warning, and in 5 years users will essentially be driven away from their site. Even if 90 percent of the traffic keeps clicking through the warnings, can they live knowing their site shows that to the users? So this is a battle for convincing web developers, not users, that they should be securing their sites.