One of the biggest advances in web security in the last decade has been the proliferation of secure, encrypted HTTPS connections. HTTPS connections, once reserved for shopping and banking sites, have become the norm rather than the exception, protecting more of your credentials and data from interception, even when you’re on public or insecure networks.
Browsers going all the way back to Internet Explorer have used a little padlock icon to indicate that a connection is using HTTPS. But according to the team behind the Chromium browser engine, most people still don’t know what that padlock icon actually means. Because of that confusion, and because HTTPS is now expected for most sites, Chromium will be retiring the padlock icon starting with Chrome 117, scheduled for release in September alongside a major refresh of the Chrome interface.
“Replacing the lock icon with a neutral indicator avoids the misunderstanding that the lock icon is associated with a page’s trustworthiness, and emphasizes that security should be the default state in Chrome,” reads a Chromium blog post from the Chrome security team.
The “Tune” icon will replace the padlock icon and provide access to various settings and status messages.
In the desktop versions of Chrome, the padlock icon is replaced by a melody icon: a few circles and a few lines meant to represent the toggle switches you see in many settings screens. Clicking the Tune icon will still give you additional information about the site’s HTTPS certificate, plus some other site-specific settings, such as those for notifications and location sharing. These are all things you can access by clicking the padlock icon in current versions of Chrome. So the lock icon changes, but the functionality of the menu remains the same.
“Our research has also shown that many users have never understood that clicking the lock icon displays important information and controls,” the blog post continues. “We think the new icon helps make permission checks and additional security information more accessible while avoiding the misunderstandings that plague the lock icon.”
The Chromium team says Chrome will continue to warn users in the address bar when a site not Using HTTPS. Chrome for Android will also get the new Tune icon, while Chrome for iOS and iPadOS will simply remove the current non-clickable padlock icon.
This change is especially important because of the Chromium engine’s current dominance; Chrome accounts for about two-thirds of all internet usage, and including Chromium-based browsers like Microsoft Edge and Opera brings the total closer to 80 percent. For better or worse, Google’s changes often become the default for other browsers. We expect most Chromium-based browsers, plus alternatives such as Safari and Firefox, to make similar changes in the near future.
