Chrome to drop lock icon showing HTTPS status

Chrome to drop lock icon showing HTTPS status
New tune icon for Chrome

Replaced with new "tune" symbol.

By on

Google will remove the familiar lock icon that allows users to check a website's Transport Layer Security status for the connection, citing research that only a few users correctly understood its precise meaning.

The lock icon has been displayed by web browsers since the 1990s, indicating that the connection to web sites is secured and authenticated with encryption.

Users can click on the lock icon to get details on the digital TLS certificate the site is using, and Google has extended the amount of information presented to include what it calls a "more security-neutral entry point to site controls."

However, Google said its 2021 research showed that only 11 percent of participants in a study correctly understood the meaning of the lock icon.

This, Google argued, is not harmless since most phishing sites also use the hyper text transfer protocol secure extension (HTTPS) and also display the lock icon.

Ergo, a lock icon is not in actual fact an indicator of a site's security, 

In 2019, the United States Federal Bureau of Investigation issued public guidance that stated: "Do not trust a website just because it has a lock icon or 'https' in the browser address bar."

Starting with Chrome version 117, Google will introduce a new "tune" icon, which does not imply a site is trustworthy, and is more obviously clickable.

The "tune" icon is more commonly associated with settings and other control, and Google said a more neutral indicator like that prevents the misunderstanding around site security that the lock icon is causing.

While the lock will be replaced on Chrome browsers for desktop use and for Android, on Apple's iOS mobile operating system the icon will go away completely, as Google said its not tappable.

Chrome will continue to warn if a connection is plain-text HTTP and insecure.

Research by Google shows that the vast majority of connections, over 80 percent, are secured with HTTPS nowadays.

Unsecured, non-encrypted connections are mainly from older devices and operating systems still in use and which may never be updated to support encryption, Google said.

To reach the editorial team on your feedback, story ideas and pitches, contact them here.
Copyright © . All rights reserved.

Most Read Articles