Most modern web browsers use a lock icon to let you know if you’re visiting a site that that uses HTTPS for secure connections or not. But Google says in recent years HTTPS has become the rule rather than the exception… and that even phishing sites use HTTPS these days.

In other words, the lock icon doesn’t indicate that a site is safe. It just indicates that it’s using HTTPS. So Google has announced plans to retire the lock icon and replace it with a new icon that doesn’t imply safety.

Later this year the Chrome web browser will begin showing a “tune” icon rather than a lock. Google says it doesn’t imply that a site is trustworthy, and it also makes it more clear to users that they can click the icon to view more information and adjust settings, since it looks more like a typical settings app.

That last point isn’t exactly new: you can already click on the lock icon to view a pop-up window that shows more information about a site, as well as options to adjust how your browser handles third-party cookies and site data, among other things. But Google suggests that many users don’t know that since the lock icon doesn’t look much like a typical menu button.

Google says it will roll out the new icon with Chrome 117, which is set to launch in September, 2023. But folks running beta, dev, or canary channel builds of Chrome may be able to see it sooner. In fact, an early version of the new icon is already available to users running Chrome Canary builds, although you’ll need to enable it via the chrome://flags#chrome-refresh-2023 flag.

The company says the new icon will be coming to desktop versions of the Chrome browser as well as the Android version. But since the lock icon was never clickable in the iOS version of Chrome, Google will remove it altogether.

When you visit sites that aren’t using HTTPS connections, Chrome will continue to mark them as insecure.

via Google

Support Liliputing

Liliputing's primary sources of revenue are advertising and affiliate links (if you click the "Shop" button at the top of the page and buy something on Amazon, for example, we'll get a small commission).

But there are several ways you can support the site directly even if you're using an ad blocker* and hate online shopping.

Contribute to our Patreon campaign


Contribute via PayPal

* If you are using an ad blocker like uBlock Origin and seeing a pop-up message at the bottom of the screen, we have a guide that may help you disable it.

Subscribe to Liliputing via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 16,183 other subscribers

Join the Conversation


Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

  1. Another bone-head move. Best of luck in re-training all the senior citizens who now know where to look for the lock icon to confirm that the site is secure. This icon was part of many web awareness campaigns run by banks and government institutions in India to educate the public. Now all that effort will be lost and people will fall victim to more and more phishing scams.

  2. Well, this means I’m going to be getting lots of calls from seniors wondering where the lock on their bank went. This is a dumb decision, don’t train users in security measures you’re gonna take away.

    1. That’s true. Also, considering Chrome hides the HTTP/HTTPS in the address bar, people now need to click into the address bar to reveal the full address in order to confirm HTTPS.

  3. I’ve always hoped that Chrome would a custom code feature in there, to allow users to add per-website custom CSS and Javascript.

    As a colourblind person, I use a Chrome plugin to add per-website CSS code to redesign things that are impossible for me to see properly.

    I also add some custom Javascript to some online web tools that I use for work to make my life easier. Like I recode some links to open in new tabs by default, or sometimes I add extra data.

    For example, an online form that I submit lots of data through does a poor job at validating data, so I have an extra script I run in my browser to validate data properly (remove spaces, illegal characters, etc).

    You can currently accomplish this in the Chrome Dev Tools menu, but it’s pretty complex, and I can’t easily share these solutions with colleagues. Would be cool to see features like that in the per-website settings menu. Even if you had to unlock it through Chrome dev-tools or something.

  4. I’m sure this will be met with no one really caring one way or another (nor should they), but when Firefox inevitably does the same thing people will be whining that the sky is (still) falling and userchrome.css broke again.