Google starts experimenting with removing padlock in Chrome browser
11 August 2021
Following the previous changes to the display of HTTPS in Chrome and other browsers, Google is now going a step further in Chrome: phasing out the well-known padlock in the address bar on secure websites.
What is the cause?
A secure HTTPS connection is now indicated in all browsers by a lock icon in the address bar. Research by Google shows that more than 90 percent of all websites loaded in Chrome now use HTTPS, but a few years ago research also showed that 89 percent of the users surveyed do not know exactly what the lock icon means. Users often think that the lock icon indicates that the website is trustworthy, while it only shows that there is a secure connection to the website. This does not say anything about the identity of the website. This verified identity was clearly displayed in an EV SSL certificate, but due to adjustments in Chrome, this identity is hardly visible anymore.
Therefore, in the next version of Chrome that will be released in August this year, Google will start an experiment in which the lock is replaced by a neutral signification with which page information can be viewed. Because it is still an experiment, it is still possible for organizations to indicate that they don’t want to participate in this.
Google has been working for some time with Chrome to switch to HTTPS as default and simplify the display of domain names:
- At the beginning of 2017, all websites with HTTPS received a 'secure' message.
- In July 2018, all websites without HTTPS received an 'insecure' notification, with which the secure notification from a year earlier expired. This warning for unsecured websites will remain in effect for the time being.
- Two years ago, from version 76, www or http/https were no longer displayed for the domain. At about the same time, the display of an EV SSL certificate was no longer shown in green, and the company name and country code were no longer shown in the URL bar, but in a 'Page info' pop-up.
Course is food for discussion
No longer showing the lock at all-in HTTPS connections is a step that was announced at the time as one of the possible actions as a result of the aforementioned investigation. Because 90% of all websites now use HTTPS, Google now states it is time to experiment with not showing the well-known lock at all.
Not everyone agrees with Google's course, for example, often heard is for example that changing the display of SSL and EV SSL every time actually reduces the clarity for users. The more than 90% of the websites loaded via HTTPS mentioned by Google also seems very spacious compared to other measurements, which come out lower at less than three quarters.
With about two-thirds of the market share in the browser market, it makes sense that the other browsers are heading more or less in the same direction. To promote HTTPS, Mozilla is launching the HTTPS-only mode in Firefox 91 (August this year), which ensures that websites - if available - are loaded in HTTPS by default.