The little lock icon that appears on the Chrome browser’s web address bar may fill you with comfort when you see it. But Google plans on retiring the feature, saying it’s outlived its use.
The lock icon is meant to be a helpful indicator that a site's connection is encrypted with HTTPS. But according to Google, the lock icon can mislead users into thinking a website is safe and secure to use.
In reality, the lock icon only designates that a website is secured with HTTPS, preventing the traffic from being transmitted in plain text, thereby stopping eavesdropping. However, a phishing page that hosts malware can also trigger the lock icon to appear on Chrome. The hacker simply needs to install an SSL certificate on their phishing site to secure the connection with HTTPS.
“This misunderstanding is not harmless—nearly all phishing sites use HTTPS, and therefore also display the lock icon,” the company wrote in a blog post on Tuesday. “Misunderstandings are so pervasive that many organizations, including the FBI, publish explicit guidance that the lock icon is not an indicator of website safety.”
The company adds that its own research from 2021 showed “that only 11% of study participants correctly understood the precise meaning of the lock icon.”
For years, Google displayed the lock icon on Chrome in an effort to push the entire web ecosystem to adopt HTTPS. But now that over 95% of the page loads on Chrome occur over HTTPS, the company has decided it’s time to move on from the lock icon, calling it a “remnant of an era where HTTPS was uncommon.”
Google will replace the feature with a new “tune” icon, which can open
Read more on pcmag.com