Google today announced that the lock icon, long considered a sign of website security and reliability, will soon be replaced with a new icon that does not imply that a site is secure or trustworthy.
Although it was first introduced to show that a website was using HTTPS encryption to encrypt connections, the lock symbol is no longer necessary as over 99% of all web pages are now loaded into Google Chrome via HTTPS.
These also include websites used as landing pages in phishing attacks or for other malicious purposes, designed to take advantage of the lock icon to trick targets into thinking they are there. shelter from attacks.
“This misunderstanding is not trivial – almost all phishing sites use HTTPS, and therefore also display the lock icon”, google said.
“Misunderstandings are so widespread that many organizations, including the FBIpost explicit instructions that the lock icon is not an indicator of website security.”
The lock icon will be changed in Chrome 117 with a “variant of the settings icon”, a user interface element usually tied to app settings and designed to show that it is an element clickable.
However, it won’t be removed entirely because Google will still show the lock in the “Tune” submenu when website connections are secure, as shown in the screenshot above.
This move was first announced almost two years ago, in August 2021, when the company revealed that safe website indicators were no longer needed and would be removed from Google Chrome’s address bar since over 90% of logins are over HTTPS.
“When HTTPS was rare, the lock icon called attention to the extra protections provided by HTTPS. Today, that’s no longer true, and HTTPS is the norm, not the exception, and we’ve evolved Chrome accordingly”, Google said.
“The new icon is expected to launch in Chrome 117, which will be released in early September 2023, as part of a general design refresh for desktop platforms.”
The lock icon will also be replaced in Google Chrome for Android in September, but it will be removed from iOS as it cannot be used and is only displayed to convey additional information about the site Web loaded.
It should be noted that Google Chrome will continue to alert users to insecure plaintext HTTP connections on all platforms.
How to test the new Chrome setting icon
Those who want to test out the lock icon replacement can enable it in Chrome Canary by following the instructions below.
- Enter chrome://flags in the address bar and press ENTER.
- To research ‘chrome-refresh-2023‘
- When the ‘Chrome 2023 Refresh‘ the flag is displayed, click on ‘Default‘ and select ‘Enabled.’
- Relaunch the browser when prompted to get the updated Chrome Desktop UI.
As Google warned today, this feature is still under development, does not reflect the final product, and bugs are expected.