Most modern web browsers use a lock icon to let you know if you’re visiting a site that that uses HTTPS for secure connections or not. But Google says in recent years HTTPS has become the rule rather than the exception… and that even phishing sites use HTTPS these days.
In other words, the lock icon doesn’t indicate that a site is safe. It just indicates that it’s using HTTPS. So Google has announced plans to retire the lock icon and replace it with a new icon that doesn’t imply safety.
Later this year the Chrome web browser will begin showing a “tune” icon rather than a lock. Google says it doesn’t imply that a site is trustworthy, and it also makes it more clear to users that they can click the icon to view more information and adjust settings, since it looks more like a typical settings app.
That last point isn’t exactly new: you can already click on the lock icon to view a pop-up window that shows more information about a site, as well as options to adjust how your browser handles third-party cookies and site data, among other things. But Google suggests that many users don’t know that since the lock icon doesn’t look much like a typical menu button.
Google says it will roll out the new icon with Chrome 117, which is set to launch in September, 2023. But folks running beta, dev, or canary channel builds of Chrome may be able to see it sooner. In fact, an early version of the new icon is already available to users running Chrome Canary builds, although you’ll need to enable it via the
The company says the new icon will be coming to desktop versions of the Chrome browser as well as the Android version. But since the lock icon was never clickable in the iOS version of Chrome, Google will remove it altogether.
When you visit sites that aren’t using HTTPS connections, Chrome will continue to mark them as insecure.
Another bone-head move. Best of luck in re-training all the senior citizens who now know where to look for the lock icon to confirm that the site is secure. This icon was part of many web awareness campaigns run by banks and government institutions in India to educate the public. Now all that effort will be lost and people will fall victim to more and more phishing scams.
Well, this means I’m going to be getting lots of calls from seniors wondering where the lock on their bank went. This is a dumb decision, don’t train users in security measures you’re gonna take away.
That’s true. Also, considering Chrome hides the HTTP/HTTPS in the address bar, people now need to click into the address bar to reveal the full address in order to confirm HTTPS.
As a colourblind person, I use a Chrome plugin to add per-website CSS code to redesign things that are impossible for me to see properly.
For example, an online form that I submit lots of data through does a poor job at validating data, so I have an extra script I run in my browser to validate data properly (remove spaces, illegal characters, etc).
You can currently accomplish this in the Chrome Dev Tools menu, but it’s pretty complex, and I can’t easily share these solutions with colleagues. Would be cool to see features like that in the per-website settings menu. Even if you had to unlock it through Chrome dev-tools or something.
I’m sure this will be met with no one really caring one way or another (nor should they), but when Firefox inevitably does the same thing people will be whining that the sky is (still) falling and userchrome.css broke again.