Google to Remove HTTPS Padlock on Browser


Google has announced that it will retire HTTPS Padlock because many don't know what it means

Hypertext Transfer Protocol Secure (HTTPS) is an extension of the Hypertext Transfer Protocol (HTTP) that uses encryption for secure communication over a computer network, and is widely used on the Internet. In HTTPS, the communication protocol is encrypted using Transport Layer Security (TLS) formerly known as Secure Sockets Layer (SSL). The protocol is therefore also referred to as HTTP over TLS, or HTTP over SSL.

The main reasons for HTTPS are authentication of the accessed website and protection of the privacy and integrity of the exchanged data while it is in transit. It protects against man-in-the-middle attacks, and the bidirectional block cipher encryption of communications between a client and server protects the communications against eavesdropping and tampering.

Over the last decade, the use of secure, encrypted HTTPS connections has been seen as one of highest advances in web security.

Since the introduction of internet banking through financial technologies, online shopping enabled by open-banking where, HTTPS connections have become critical in keeping more of users credentials and data safe from being intercepted even when they’re on public or insecure networks.

To show users that a website is using HTTPS, a padlock icon is displayed to indicate that the site is secure.

Starting from early browsers like Internet Explorer and new browser like Chrome, Microsoft Edge etc, a small padlock icon use to denote that a connection is using HTTPS. 

But the team at Google behind the Chromium browser engine, say most people still don't know what that padlock icon really stands for, and most sites are excepted to have HTTPS. Therefore, Chromium will remove the padlock icon starting in Chrome 117, scheduled to be released in September this year together with a larger refresh of Chrome interface.

"Replacing the lock icon with a neutral indicator prevents the misunderstanding that the lock icon is associated with the trustworthiness of a page, and emphasizes that security should be the default state in Chrome," reads a Chromium blog post from the Chrome security team.

In the desktop versions of Chrome, the padlock icon will be replaced by a "tune" icon—a couple of circles and a couple of lines meant to represent the toggle switches you encounter in many Settings screens. Clicking the Tune icon will still give you extra information about the site's HTTPS certificate, plus a few other site-specific settings like those for notifications and location sharing. These are all things you can access by clicking the padlock icon in current versions of Chrome—so the lock icon will change, but the menu's functionality will stay the same.

"Our research has also shown that many users never understood that clicking the lock icon showed important information and controls," the blog post continues. "We think the new icon helps make permission controls and additional security information more accessible, while avoiding the misunderstandings that plague the lock icon."

The Chromium team assured that  Chrome  browser will continue to alert users in the address bar when a site isn't using HTTPS. Chrome for Android will also get the new Tune icon, while Chrome for iOS and iPadOS will simply eliminate the current non-clickable padlock icon.

This change is especially important because of the Chromium engine's current dominance; Chrome accounts for about two-thirds of all Internet usage, and including Chromium-based browsers like Microsoft Edge and Opera brings the total closer to 80 percent. For better or worse, Google's changes tend to become the default for other browsers. We'd expect most Chromium-based browsers, plus alternatives like Safari and Firefox, to make similar changes in the near future.

Previous Post Next Post