Your Chrome Browser Just Lost It’s Padlock

Chrome users will soon need to adjust to its new look as Chrome will ditch its iconic padlock icon in favor of an “HTTPS connection indicator,” similar to how on/off toggles appear in settings menus. Google says this new symbol resembles on/off toggles found on websites with HTTPS connectivity.

The company says this new icon won’t imply trustworthiness and should help reduce misunderstandings associated with its current version. It debuted with Chrome 117 in the fall of 2023 on desktop computers and Android smartphones.

Google’s Iconic Padlock Icon Replaced

Yes, old habits die hard, but Google will soon change the padlock icon used on browsers to indicate security for years, replacing it with more neutral indicators to avoid confusion caused by its presence. The change will come to desktop and Android versions of Chrome this fall with Chrome 117’s release; two-thirds of Internet users globally use this browser, which is often the default on many Android devices. It comes amidst the ongoing push that Chromium is taking to be a browser with proxy by default and Google routing traffic through their servers first.

The lock icon debuted on web browsers during the late ’90s to indicate whether a site used HTTPS (hypertext transfer protocol secure). This technology enables sensitive information like logins, credit card numbers, and passwords to be transmitted securely over the Internet. Unfortunately, Google research revealed only 11 percent of people understood what it represented – believing it referred to trustworthiness rather than authentication. Unfortunately, this could pose a threat as fraudulent sites can use HTTPS with this symbol as bait to mislead users into thinking they are visiting trustworthy websites when they may be visiting fraudulent ones instead.

Google announced that Chrome on desktop and Android will feature a tunic icon instead of the usual lock to prompt users to verify website security details. This change comes alongside an information button on connection and permission settings of websites; its appearance does not imply security but rather indicates controls and settings, which the Chromium team believes will reduce confusion surrounding site security.

Chrome will continue to mark sites using plaintext HTTP as insecure across all platforms, including iOS where its iconic padlock cannot be clicked. Furthermore, users will be alerted in their address bar if a site does not use HTTPS encryption.

The new tune icon features two concentric circles connected by a line and is designed to resemble toggle switches commonly seen on settings screens. Clicking on it still offers more information on a website’s HTTPS certificate and other site-specific settings, similar to how clicking a padlock provides extra details about a particular website.

Tune Icon Steps In

For decades, website addresses with padlock icons have served as security indicators. When viewing websites with HTTPS-encrypted connections, their connection between the web server and browser cannot be read or modified by anyone while transiting over the Internet.

Problematically, however, people often assume the presence of the padlock icon indicates they can trust a website they’re visiting – which can be dangerous as many phishing sites utilize HTTPS and the padlock icon to appear legitimate, leading many people to assume all sites with padlocks are safe. This is coupled with the research from theconversation.com 

The majority of people have yet to learn what the padlock does anyway! They just assume it must mean the site is secure, which, if you know anything about internet sites, is nothing short of a blatant lie. It only fundamentally means you have a secure connection to the site. This could be for fraudulent instead of genuine reasons.  

Google is taking action to address that. Later this year, Chrome browser will replace its familiar padlock icon with one that doesn’t connote trustworthiness and more easily represents settings or other controls – thus helping prevent confusion caused by the current icon while continuing to inform customers about insecure connections online.

Though it will require getting used to, this change represents a significant step forward for increasing web security. When more users realize that having an icon doesn’t guarantee a site’s trustworthiness, they may be less inclined to visit these kinds of websites or take unnecessary risks with their data.

Evolving Web Security

The padlock icon has become synonymous with website security for decades. It signifies a website using HTTPS to secure data transmitted between browser and web server. Still, Google has noted in their Chromium blog post that many internet users need to understand what this symbol signifies – only 11% understood its precise meaning during their research study! Such confusion and potential security risks must not be overlooked.

This change will affect other browsers that utilize Google’s engine, such as Opera and Microsoft Edge; note that this change doesn’t indicate HTTPS sites are no longer secure, as Chrome will still notify users of insecure connections when detected.

Chrome’s new icon – two toggle switches stacked atop each other – is less ambiguous than its predecessor and invites clicks for site settings or controls. Google hopes this change will reduce miscommunication associated with padlocks while improving their effectiveness as indicators of safe sites.

However, while more websites are transitioning to HTTPS, millions of pages still need to. This is partly because enabling and maintaining it is expensive; web developers may also be reluctant to implement HTTPS because they cannot guarantee visitors an enjoyable site experience. The addition of a tune icon may make switching over more mainstream.

What It Means for Internet Users

People browsing the internet typically give little thought to online security, opting for their chosen security software without much consideration for its effectiveness. They take it for granted that looking for locks before entering sensitive information will protect their information, but unfortunately, this approach may not always suffice in protecting it.

In the ’90s, Netscape first introduced HTTPS encryption technology for safely sending passwords and credit card numbers across the Internet. HTTPS helps protect users by keeping their online activities private while preventing outside parties from spying on their browsing activity, so much so that the government requires its implementation on public websites.

It’s a definite shift towards anonymized browsing, which will allow Google to stay ahead of curve balls such as EU laws if they are not facilitating cookies or data from you in the traditional sense. Yet, using a proxy, they will still be able to analyze your logs on home turf. So who is getting more secure as a result of this security change? Google’s financial padlock just got a whole lot brighter.