Ever since Google launched its own browser, Google Chrome in 2008, it has been a big proponent of HTTPS adoption. HTTPS or Hypertext Transfer Protocol Secure is an extension of the Hypertext Transfer Protocol (HTTP) and is an encrypted protocol that gives the user more security and privacy. And to indicate whether a website uses this protocol or not, Chrome displays a lock icon in the address bar. However, now, Google has announced that it will be removing this icon.
In an announcement yesterday, May 2, Google stated, “When HTTPS was rare, the lock icon drew attention to the additional protections provided by HTTPS. Today, this is no longer true, and HTTPS is the norm, not the exception, and we've been evolving Chrome accordingly”.
Adding to the backdrop of this evolution, Google mentioned how the lock icon has been around ever since the early versions of Netscape in the 1990s and Google Chrome has participated in the adoption of HTTPS protocol since it was first launched. Over the years, Google noted, HTTPS has become the norm and over 95% of page loads in Chrome on Windows are over a secure channel using HTTPS. As a result, using the lock icon has become not only redundant but also dangerous.
Google explained that the lock icon, by its design, indicates trustworthiness which can be a big problem. “Despite our best efforts, our research in 2021 showed that only 11% of study participants correctly understood the precise meaning of the lock icon. This misunderstanding is not harmless — nearly all phishing sites use HTTPS, and therefore also display the lock icon. Misunderstandings are so pervasive that many organizations, including the FBI, publish explicit guidance that the lock icon is not an indicator of website safety”,
Read more on tech.hindustantimes.com