In May 2023, Google announced in its Chromium blog that starting with Chrome 117, secure HTTPS connections will no longer display their padlock icon next to the URL. Instead, users will see a “Tune" icon which looks like a switch in the settings menu bar, and Google hopes to encourage more users to click and view the detailed information of the website.

over the past few decades, one of the biggest advances in web security has been the proliferation of secure HTTPS connections. Whether it is in daily applications or payment-related permissions, HTTPS has become the norm. HTTPS connection ensures that communication between the server and the client is encrypted and attackers cannot easily steal data. The HTTPS has been widely adopted by websites. According to Google, over 95% of page loads on Windows happen over the HTTPS channel. For many years, the padlock icon has served as a sign that their connection is particularly secure. So if the lock icon has been proven useful, why does Google want to replace it?

The padlock icon representing web security has been present in the URL bar of web browsers for so long that it actually has become the default connection. Yet in a 2021 study, Google found that only 11% of study participants actually understood what the padlock icon meant. Many people think that websites with HTTPS connections are safe, but in fact, this is not the case. Most phishing websites use HTTPS connections too, and even hackers are also using them, because a DV SSL certificate, which doesn’t verify identity, also activates HTTPS and padlock icon. Therefore, it does not prove that a website using HTTPS is absolutely safe. Safe≠Secure. 

Another main reason is to promote HTTPS as the default protocol for all websites. There were very few websites using HTTPS in the early days, so the padlock appeared as a special symbol. As the use of HTTPS becomes more and more widespread and a mainstream, it is no longer special. In addition, Google's change of the padlock icon is also to promote the use of OV and EV certificates that must the identity of the domain owner.

That is not the first time that Google has changed the icon; it was redesigned as early as 2016. The original plan was to replace it with an arrow to signify that content will expand if you click the icon. But now, Google has decided to go with a different style.

What will Google's new icon look like?

Now let's see what this "Tune" icon actually looks like.

The new icon is a slightly redesigned "Tune" icon. Google says the new icon is a neutral indicator that avoids the confusion and security risks posed by the padlock icon. The icon consists of two circles and two lines so that it looks like two switches. While it is worth noting that it does not mean that the website with this icon is safe and trustworthy, the purpose is to entice the user to interact to get more information or browse options. The "Tune" icon is more likely to evoke the interaction and interest than the padlock icon.

According to the Chromium blog, the new icon will launch in September 2023 alongside the redesigned interface in Chrome 117. Chrome will continue to alert users when sites are not using HTTPS, Google said. The Android version of Chrome will also get a new "Tune" icon, while Apple iOS will simply eliminate the unclickable padlock icon.

From the above, it is clear that Google will continue to identify unsafe websites by putting the "not secure" warning on the website. However, based on the fact that almost everyone can obtain a DV SSL certificate, at this time, merely displaying that a website uses HTTPS does not necessarily indicate a robust level of security. To enhance the security and reliability of the site, additional measures need to be taken to verify its integrity. With phishing sites, email fraud, hacking and more, companies must use trusted digital certificates to verify the security of your identity.

As a leading digital certificate provider, NicSRS provides customers with better organization validation (OV) or extended validation (EV) SSL/TLS certificates to ensure the digital identity security of websites. If you have any questions, please feel free to contact us and we will provide you with timely professional help.

Please read here about Chromium blog.