You Can’t Trust Your Browser’s “lock” to Tell You the Site Is Safe.
When you browse the Internet, you probably notice a small padlock icon that appears in the URL bar. A common Internet security tip is to look for this padlock every time you visit a new site to make sure your connection is really secure. Google, however, has announced that it will remove the block , as it believes it does not serve the security purpose it once served. So, how can you determine if a site is safe in the future? Google has a plan.
What does browser blocking really mean?
Blocking has been used since the 90s to indicate when the site you are on is using HTTPS or HTTP . HTTP (Hypertext Transfer Protocol) is simply a protocol that allows you to transfer data over the Internet. This is what allows you to visit Lifehacker.com, and on the other hand, this is what allows us to share our articles every day. HTTPS (Secure Hypertext Transfer Protocol) is essentially HTTP but encrypted: it’s the same basic transfer protocol, but now the connection between your device and the site you’re visiting is protected from third parties.
HTTPS has been heavily promoted by cybersecurity experts, including Google, due to its superior security over standard HTTP. Simply switching to HTTPS helps ensure that attackers can’t intercept the connection, so you can read about hacks without worrying about third parties spying on or hacking into you. This padlock icon symbolizes a secure connection, and its absence should mean that the connection cannot be trusted.
However, HTTPS is not a safe haven from scammers and hackers. It simply blocks third parties from interfering with your connection. If the other end of the connection is compromised, HTTPS won’t help you a damn thing. Google highlights that almost all phishing sites use HTTPS, not HTTP: You can easily click on a fake website using HTTPS and fall victim to a scam , all with that comforting padlock icon resting in the address bar.
This is the crux of the problem as Google sees it: there is a mismatch between what people think of the castle and what it actually stands for. Google says that too many people assume that a block means that the site they are visiting is completely safe to use, when in fact a block only means that the site is using HTTPS. In fact, in the survey , 89% of the participants misunderstood what the castle actually meant. This isn’t a Chrome issue either: most web browsers use a lock icon to acknowledge an HTTPS connection. Google just got rid of it first.
Anyone who clicks on the lock will see that this is more than a simple security indicator: of course, the first option lets you know if the connection is secure and if your personal data is protected on the site. However, you may also see information about the cookies and data used by the site, and then a link to Chrome’s settings for that data. There is also an option to customize the general settings of the site you visit, which allows you to change permissions for things like location, camera, microphone, etc.
Google is replacing the settings menu lock
Due to the lack of clarity on what blocking actually means, as well as the advanced customization options that blocking provides, Google would prefer not to block altogether. In Chrome 117, which the company plans to release in September, the lock will no longer be there, replaced by an icon that resembles a settings menu:
Clicking this icon displays a drop-down list similar to the padlock icon, including a secure connection message, cookies and site data settings, and site settings options. However, you will also see quick actions for permissions such as location, microphone, and motion sensors, making it easy to quickly manage your data on any given website.
Google plans to lift the lock on Android at the same time as the desktop. This will also remove the icon from iOS, but since it’s not clickable, it won’t change much for Chrome browsers on iPhone.
How to test the new Google security menu right now
The block will remain until September, but you can get rid of it today. Google is making the settings icon available in the Chrome Canary app , where it provides early builds of features before releasing them to the public Chrome app.