Google Chrome Is Ditching This Feature

I would actually argue that the opposite would be better: have no lock if site is encrypted, but have red crossed-out lock in case the site is unencrypted. That way people won't have anything that would make them think the site is legit, but if the site is unencrypted they'd see the warning.

DINOAVFC

I would think the best solution here would be to remove the lock icon for https, but leave the unsecure icon for http and certificate errors, that way technical people would still be able to see at a glance whether the certificate passed, and non-technical people don't have a confusing lock icon.

giga-chicken

Mozilla had similar points when it made changes to how it handled the padlock icon in Firefox 70. They decided to change it from green to gray for HTTPS and have a red line through it for plain HTTP. They had a write up where the two listed reasons for removing the green color were because 80% of the web is HTTPS and they wanted to de-emphasize the prominence of the icon itself.

kwerboom

Google usually makes bad decisions but as a web developer I 100% get behind this change. The lock icon creates a false sense of security and authenticity to a website when in reality getting one is completely free and easy with tools like Let's Encrypt

MizManFryingP

Web developer here, I absolutely agree with the change. The padlock was good for encouraging us devs to implement HTTPS, but it wasn’t communicated properly to end users.

I personally know multiple people who have fallen victim to scams, particularly phishing scams spread by text, under the false impressions that the phoney website they visited was legitimate thanks to the padlock.

They were blissfully unaware that the padlock only ensured their data would be safely delivered to the criminals operating the site.

trimonmusic

0:17 "This indicates that the site you're on is using HTTPS" That is only partially true, there is the additional requirement of using certificate from a trusted CA, you can still use HTTPS with your own self-signed certs and it won't show the green padlock so it is improper to say what they said in the video, I can understand though as this is simpler to say than what I explained

JordanPlayz

To those suggesting a crossed out lock for HTTP connections: Chromium browsers do already display a "Not Secure" tag next to the URL for those pages since 2018.

thatanimeweirdo

I'm surprised that it took this long to change this . Scammers were using this as an advantage. They would often even tell their victims to see if the lock is green to make them really think they are completely secure.

Alexandremix

I say having the settings icon makes sense there since Chrome already puts site-specific settings there as well. There should be a crossed out lock icon though if the certificate doesn't pass or it's HTTP at least.

TylerFurrison

The Lockpicking Lawyer has picked the Padlock in his Browser.



Twice, to prove it was not a fluke.

MrRollmoreBlunts

It was also grossly irresponsible when we used to claim that HTTPS does anything to ensure that the website you are on is the website you want to be on. Typosquatting and Domain spoofing both easily defeat any assurance HTTPS used to provide years ago.
The only thing HTTPS does is encrypt traffic between your browser and whatever-the-heck server you happen to be connected to.

Lost-In-Blank

Oddly enough, I literally just learned about this about 3 days ago while setting up my first home hosted, internet-facing server.
It's literally 3 commands on Linux to get an SSL cert for a server.

Granted, HTTPS is a solid thing and should be used by every site, but I've found a lot of people (myself included) weren't exactly aware of what that lock icon meant.

remghoost

Watching on Firefox rn, and interestingly it has both the padlock and the slider icons. (plus a shield icon too!)

mfaizsyahmi

Gotta admit consider myself pretty tech savvy (build my computers, do the occasional coding, have built and hosted websites (but years ago), etc.) and I learned something new here. I guess it just didn't dawn on me that the lock indicated the transmission was encrypted, not the site itself. Good to know, and I'm glad I learned something new!

Midcon

The new tune icon closely resembles a very similar UI element in Firefox. Just so you know who actually did the design work of your browser...

hammerth

From what I experienced (with people I encounter), that 11% figure is overly generous.
Most people I know don't know what the padlock means, let alone HTTPS.

misterieping

3:39 On Firefox that new icon is already visible for Youtube's url. Interestingly the padlock icon is still there next to the new icon. If you click the new icon you see the permissions you allowed or disabled for the website.

FatherManus

Firefox'll probably follow suit with this, because most people who use Firefox are switching from a different browser (which is mostly Chrome because it's the most popular) like with ftp support. Although, Firefox already uses that icon (right next to the lock, in fact!) but could just incorporate them into one icon.

TheAmethystAurora

Honestly as a software dev, I have deployed a website and it takes at most 30mins to setup https and make it work indefinitely. It's just a matter of running a script and enabling the auto renew (the configuration is what takes most of the time).
So yeah I understand why they change that if users think it makes a site legit.

Breigner

Honestly good change, the lock was always a good idea on paper, but as said in the video many people thought lock = safe so getting rid of it may help stop some scams

flamingscar