Chrome to drop lock icon showing HTTPS status

By

Replaced with new "tune" symbol.

Google will remove the familiar lock icon that allows users to check a website's Transport Layer Security status for the connection, citing research that only a few users correctly understood its precise meaning.

Chrome to drop lock icon showing HTTPS status
New tune icon for Chrome

The lock icon has been displayed by web browsers since the 1990s, indicating that the connection to web sites is secured and authenticated with encryption.

Users can click on the lock icon to get details on the digital TLS certificate the site is using, and Google has extended the amount of information presented to include what it calls a "more security-neutral entry point to site controls."

However, Google said its 2021 research showed that only 11 percent of participants in a study correctly understood the meaning of the lock icon.

This, Google argued, is not harmless since most phishing sites also use the hyper text transfer protocol secure extension (HTTPS) and also display the lock icon.

Ergo, a lock icon is not in actual fact an indicator of a site's security, 

In 2019, the United States Federal Bureau of Investigation issued public guidance that stated: "Do not trust a website just because it has a lock icon or 'https' in the browser address bar."

Starting with Chrome version 117, Google will introduce a new "tune" icon, which does not imply a site is trustworthy, and is more obviously clickable.

The "tune" icon is more commonly associated with settings and other control, and Google said a more neutral indicator like that prevents the misunderstanding around site security that the lock icon is causing.

While the lock will be replaced on Chrome browsers for desktop use and for Android, on Apple's iOS mobile operating system the icon will go away completely, as Google said its not tappable.

Chrome will continue to warn if a connection is plain-text HTTP and insecure.

Research by Google shows that the vast majority of connections, over 80 percent, are secured with HTTPS nowadays.

Unsecured, non-encrypted connections are mainly from older devices and operating systems still in use and which may never be updated to support encryption, Google said.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
chromegooglehttpssecurity

Sponsored Whitepapers

Gain an independent witness with body-worn cameras
Gain an independent witness with body-worn cameras
Gain an independent witness with body-worn cameras
Gain an independent witness with body-worn cameras
Trust Imperative 4.0
Trust Imperative 4.0
Centralized Remote Connectivity for State & Local Government
Centralized Remote Connectivity for State & Local Government
Global Employee Experience Trends Report
Global Employee Experience Trends Report

Events

Most Read Articles

Macquarie Uni to spend up to $700m on 10-year digital transformation

Macquarie Uni to spend up to $700m on 10-year digital transformation
Nissan A/NZ's outsourced cyber incident call centre breached

Nissan A/NZ's outsourced cyber incident call centre breached
Digital ID bill passes parliament

Digital ID bill passes parliament
Macquarie's banking CISO headed to Endeavour Group

Macquarie's banking CISO headed to Endeavour Group

Digital Nation

State of Security 2023
State of Security 2023
Health tech startup Kismet raises $4m in pre-seed funding
Health tech startup Kismet raises $4m in pre-seed funding
More than half of loyalty members concerned about their data
More than half of loyalty members concerned about their data
COVER STORY: What AI regulation might look like in Australia
COVER STORY: What AI regulation might look like in Australia
How eBay uses interaction analytics to improve CX
How eBay uses interaction analytics to improve CX

Log In

  |  Forgot your password?