3aIT Blog

PadlockIn "barely noticable but quite important" news, users of Google's Chrome brower will be familar with the padlock icon that displays next to a website address when it's using a secure connection. In more technical terms, this means that the website is running over https rather than http which means the connection between your browser and the website cannot be spied on between those two points.

In a new version of Chrome releasing soon, Google is planning on changing this icon. Why, you ask? Their research suggests that some users associate the padlock with the website being safe to use, or "verified" in some way. This is not the case. While a secure connection makes things safer in one specific respect, it has no bearing on whether you can trust the website at the other end. The process a website owner needs to complete to get the padlock to appear is completely self-administered, and the certificates that enable it can be literally free in some cases. There is nothing stopping someone that intends to scam you / steal your data from making their website "secure". To reflect this, Google will be changing this icon to a downward arrow instead. Sites with no security certificate will still be marked as "Not Secure".

In related news, Google also plans to provide an "HTTPS-first" mode for the browser. Some websites allow connections on both http and https, with only the latter providing a secure connection. If enabled, this mode will always try to load a site over https first, and will provide a full page warning if it can't. This feature will be rolling out from late September.