Google is replacing Chrome's lock icon because it's not an indicator of website safety

Shawn Knight

In a nutshell: Google will soon be doing away with a staple of the Internet for Chrome browser users. The familiar padlock icon in the URL bar will be retired later this year in favor of a variant of the tune icon.

The lock icon has been used by web browsers for decades to denote when a site loads over Hypertext Transfer Protocol Secure, or HTTPS for short. This encrypted type of connection was once the exception but is now the norm. According to Google's data, over 95 percent of pages loaded in Chrome on Windows use HTTPS. By comparison, only 14 percent of the top one million sites were delivered using HTTPS in 2013.

In 2016, Google redesigned the lock icon in Chrome after research suggested many users misunderstood what it meant. Despite this, only 11 percent of those surveyed in 2021 knew the true meaning of the icon and many did not realize the icon could be clicked to view more site information. The misunderstanding is cause for concern, Google said, as the lock icon does not directly correlate to website safety as many believe.

Following experiments with a subset of users, Google has decided to replace the lock icon in Chrome with a modified version of the tune icon. Google believes the new icon does not imply trustworthiness as it is a neutral indicator. What's more, the search giant said the new icon is more obviously clickable and is commonly associated with settings or additional controls.

Notably, Chrome will continue to alert users when their connection is not secure.

The new icon should start showing up for desktop users with the launch of Chrome 117 in early September. Those interested in getting acquainted with the tune logo can do so in Chrome Canary by enabling Chrome Refresh 2023. Google will also replace the icon on Android at the same time. On iOS, the lock icon will be removed entirely as it is not clickable.

 
Just more proof that modern "zero context" UI design has failed completely.

"This encrypted type of connection was once the exception but is now the norm."

Except when the certificate is invalid, the site actually doesn't encrypt, etc. Thanks for making the web even more unsafe, Google. You're definitely showing your true colors.
 
Please correct me here, but I understand where this is coming from. A decade ago, encrypted sites weren't that common. These days, unencrypted sites are what is abnormal.

But, the "enemy" (malicious actors) know this: they'll create encrypted sites that are just as dangerous as false sites were a decade ago. Except now browsers will say "oh, this is encrypted, that's a good thing, let me put a green padlock here" (or whatever color/symbology they use).

The padlock was useful for encouraging sites to adopt encryption. Now that that's done, the padlock serves little use.

The new philosophy that Google, and presumably other browsers, will take is this: Flag the sites that don't encrypt, but don't declare encrypted sites safe just because the connection is encrypted. Seems reasonable to me.
 