From the «read this article with Vivaldi» department:
Feed: SoylentNews
Title: Google Will Remove Secure Website Indicators in Chrome 117
Author: hubie
Date: Sat, 06 May 2023 01:00:00 -0400
Link: https://soylentnews.org/article.pl?sid=23/05/05/0252245&from=rss

upstart[1] writes:

Google will remove secure website indicators in Chrome 117[2]:

Google announced today that the lock icon, long thought to be a sign of
website security and trustworthiness, will soon be changed with a new icon
that doesn't imply that a site is secure or should be trusted.

While first introduced to show that a website was using HTTPS encryption to
encrypt connections, the lock symbol is no longer needed given that more than
99% of all web pages are now loaded in Google Chrome over HTTPS.

These also include websites used as landing pages in phishing attacks or other
malicious purposes, designed to take advantage of the lock icon to trick the
targets into thinking they're safe from attacks.

"This misunderstanding is not harmless — nearly all phishing sites use HTTPS,
and therefore also display the lock icon," Google said[3].

[...] The lock icon will be changed in Chrome 117 with a "variant of the tune
icon," a user interface element commonly linked to app settings and designed
to show that it's a clickable item.

[...] This move was first announced[4] almost two years ago, in August 2021,
when the company revealed that secure website indicators are no longer needed
and would be removed from Google Chrome's address bar since over 90% of
connections are made over HTTPS.

​"When HTTPS was rare, the lock icon drew attention to the additional
protections provided by HTTPS. Today, this is no longer true, and HTTPS is the
norm, not the exception, and we've been evolving Chrome accordingly," Google
said[3].

[...] It's worth noting that Google Chrome will continue to alert users of
insecure plaintext HTTP connections on all platforms.

------------------------------------------------------------------------------

Original Submission[5]

Read more of this story[6] at SoylentNews.

Links:
[1]: https://soylentnews.org/~upstart/ (link)
[2]: https://www.bleepingcomputer.com/news/google/google-will-remove-secure-website-indicators-in-chrome-117/ (link)
[3]: https://blog.chromium.org/2023/05/an-update-on-lock-icon.html (link)
[4]: https://www.bleepingcomputer.com/news/google/google-chrome-to-no-longer-show-secure-website-indicators/ (link)
[5]: https://soylentnews.org/submit.pl?op=viewsubsubid=59504 (link)
[6]: https://soylentnews.org/article.pl?sid=23/05/05/0252245&from=rss (link)

--
First rule of Usenet: you do not talk about Usenet

Am 07.05.2023 um 03:20:35 Uhr schrieb Retrograde:

> Google will remove secure website indicators in Chrome 117[2]:
>
> Google announced today that the lock icon, long thought to be a sign
> of website security and trustworthiness, will soon be changed with a
> new icon that doesn't imply that a site is secure or should be
> trusted.

I really don't know who spread the disinformation about the
trustworthiness of the padlock symbol.

Which symbol does Google plan to use?

Marco Moock <mo01@posteo.de> wrote:
> Am 07.05.2023 um 03:20:35 Uhr schrieb Retrograde:
>
>> Google will remove secure website indicators in Chrome 117[2]:
>>
>> Google announced today that the lock icon, long thought to be a sign
>> of website security and trustworthiness, will soon be changed with a
>> new icon that doesn't imply that a site is secure or should be
>> trusted.
>
> I really don't know who spread the disinformation about the
> trustworthiness of the padlock symbol.

For many years, before the wholesale movement to https everywhere, all
the 'advertising' around https was "look for the lock icon -- it means
you are secure".

Of course, because it came from the "advertising department" the
wording was narrowed down to a sound bite, and all technical precision
was squeezed out, and so the "it means you are secure" got
miss-interpreted by non-technical folk as a sign that the website was
what was trustworthy -- as opposed to the actual meaning of "no one is
spying on your communications with this website".

> Which symbol does Google plan to use?

From the sounds of things, nothing. You have:

noting -- for an TLS connection.

The "not secure" flag that scared many a non-technical user if you are
connected without TLS.

Marco Moock wrote:

> schrieb Retrograde:
>
>> Google will remove secure website indicators in Chrome 117[2]:
>
> Which symbol does Google plan to use?

It was shown on a chromium page linked from the article

<https://blog.chromium.org/2023/05/an-update-on-lock-icon.html>

a couple of circles and a couple of lines, apparently ...

[[SSL]]

Rich <rich@example.invalid> writes:
>For many years, before the wholesale movement to https everywhere, all
>the 'advertising' around https was "look for the lock icon -- it means
>you are secure".

Some ".gov" pages say:

|Official websites use .gov
| |A .gov website belongs to an official government organization
|in the United States.
| |Secure .gov websites use HTTPS
| |A lock ( ) or https:// means you've safely connected to the
|.gov website. Share sensitive information only on official,
|secure websites.

. It is generally questionable whether people should be led
to believe that a source can "confirm" itself. (Here, it
would be better to consult a third, trustworthy source about
the meaning of ".gov" and "https".)

Moreover, "safely connected" is vague. Does it mean that
the connection cannot be interrupted or what?