May 9, 2023

The lock icon in your browser is going away because people don’t understand what it means

chrome-ssl-lock-icon
Reading Time: 2 minutes

Web browsers have had the padlock icon next to the website addresses for years to show that the site has an SSL certificate and that your data is protected between you and that website. For years it was mostly just ecommerce that had that, but in 2017 Google started pushing all sites to use SSL.

SSL is a great thing, but it’s often very misunderstood. At a basic level, it protects that information that you give to a website (so no one can see it in transit), but that’s about it. It offers no other protection for the website itself, or for your assurance that the website is legit. As I heard a friend say at a security conference, “SSL just means that hackers have a secure way to get your site”.

As a consequence of the confusion, many users see the padlock and assume that the site is completely safe — not only is their data safe, but the site itself is reputable. Those two things are completely unrelated, and it’s led to problems. Here is what Google had to say about it:

Despite our best efforts, our research in 2021 showed that only 11% of study participants correctly understood the precise meaning of the lock icon.

This misunderstanding is not harmless — nearly all phishing sites use HTTPS, and therefore also display the lock icon.

Any good scammer will use SSL, so that icon is of no value. Google has slowly been making the lock less obvious, and now they’re going to replace it with this new symbol:

While I think it’s an improvement in some ways, as people won’t see the misunderstood lock, it’s a confusing icon itself. Personally, I think Google should have just done away with that icon completely, and only alerted users when a site was not using SSL at all.

Either way, this should help a little bit, and it’s a reminder to all of us that hackers do many things to try to appear legit so always be on guard.

For more, you can read Google’s official post on the change, or this great summary from Search Engine Journal.

Leave a Reply

Your email address will not be published. Required fields are marked *

Related Posts

Google AI Overviews are devouring search traffic

Reading Time: 2 minutesAs Google continues to push their “AI Overviews” (the AI snippets at the top of search results), we’re seeing a greater and greater decrease in…

Read More

Optimizing for website traffic is dumb

Reading Time: < 1 minuteIt can be tempting to try to optimize your website to get more traffic, because with all things being the same, more traffic will lead…

Read More

What caused the conversion?

Reading Time: < 1 minuteDetermining where traffic to your website really came from is becoming more and more difficult. It you just look at the last touch, it’ll lie…

Read More