Google is planning to replace the lock icon in Google Chrome, which indicates that a website loads over HTTPS, with a more “neutral” tune icon. The company had previously experimented with replacing the lock icon with a downward-pointing arrow, but the company didn’t go forward with the change back in 2021.
Citing its own investigations into the matter as well as research from other companies, the company still believes that the lock icon provides a misleading sense of security to people browsing the web as the majority of websites now support HTTPS. Inline threats have indeed evolved quite significantly in recent years, and an HTTPS connection doesn’t protect users from phishing attacks.
“Despite our best efforts, our research in 2021 showed that only 11% of study participants correctly understood the precise meaning of the lock icon. Misunderstandings are so pervasive that many organizations, including the FBI, publish explicit guidance that the lock icon is not an indicator of website safety,” Google emphasized on the Chromium blog.
Google’s replacement for the lock icon in Chrome is a variant of the tune icon, as the company believes it is commonly used to access controls and settings within apps. “We think the new icon helps make permission controls and additional security information more accessible, while avoiding the misunderstandings that plague the lock icon,” Google said.
Google plans to roll out this new tune icon in an update to the desktop and Android versions of Chrome coming in early September. On iOS, however, the lock icon isn’t tappable and will be removed. However, Chrome will continue to mark websites that don’t support HTTPS as insecure on all platforms.