Google Chrome, the popular browser hosted by Google, is removing the lock icon from the URL box, claiming it may actually be helping hackers phish information from their victims.
Since the 1990s, browsers have displayed the lock icon to show a secure connection when a site loads over HTTPS. In the past, websites were rarely built with HTTPS. According to a report by Google’s security team, only 14% of the Alexa top one million sites supported HTTPS, but nowadays, over 95% of websites that display on Chrome support HTTPS.
Since plenty of phishing hackers use HTTPS now, it’s no longer a genuine badge of security and can even trick users into thinking an unsafe website is secured. Google found that only about 11% of users understood what the lock actually meant.
In the past, the protection of your data from third-party sources from an HTTPS website was a lot more guaranteed, especially given its rareness, but since HTTPS is the norm and cyber attacks are on the rise, Google is modifying its approach to security. The update is set to roll out with the Chrome 117 update in early September. The update is also being applied to Android devices.
The lock icon is being replaced with a new icon that serves similar functions. Like the original lock icon, this new tune icon will be located on the URL bar and when clicked, will display additional information about the website, like its cookies. If your connection isn’t secure, Chrome will still inform you, so there’s no loss of any security benefits.
According to Google, it believes this new tune icon will be more obviously clickable, will be closer to appearing like a settings button, and most importantly, won’t give users a false sense of security.
“We’re excited that HTTPS adoption has grown so much over the years, and that we’re finally able to safely take this step, and continue to move towards a web that is secure-by-default,” the Google Chrome team said.