Chrome Says Goodbye to Green “Secure” Lock on HTTPS Sites

Megalith

24-bit/48kHz
Staff member
Joined
Aug 20, 2006
Messages
13,000
Now that HTTPS is becoming the norm and "users should expect that the web is safe by default," future versions of Chrome will no longer show a green security badge to indicate whether a website is secure or not. On the flip side, HTTP sites will now carry a red warning label to warn users that they are visiting an insecure page.

By May 12, 83 percent of websites visited by people browsing on Chrome using Windows were HTTPS pages. It's gotten to the point for Google where you're much more likely to visit an HTTPS page on Chrome than a nonsecure page. With that mindset, if something is the norm, you don't really need a label telling you that everything is normal.
 
Really hope they keep the green lock for a long while. A lot of folks are stuck with one system at work and one or more at home. Much easier to have them check for a green lock for secure connection to site for all systems then Good is nothing on Chrome, Green Lock on Firefox, and whatever Edge is showing on their Win 10 at work.
 
The green secure lock just goes to provide a false sense of security. Why bother to try to hack the connection between the user and the site when you can just hack the site or the user. If the past few years have taught us anything it’s that if the data exists on the internet somebody will find a way into it sooner than later.
 
Last edited:
As an IT professional, the green lock helps me get the cert info quickly. Which can help me diagnose if I setup the cert chain correctly...

Please don't make my job harder.
 
As an IT professional, the green lock helps me get the cert info quickly. Which can help me diagnose if I setup the cert chain correctly...

Please don't make my job harder.
I hear ya, as working with certs is a bug part of my job. But Chrome has made this difficult for a long time now (you can't get cert info from the lock today).

I really wonder what their angle is...
 
I hear ya, as working with certs is a bug part of my job. But Chrome has made this difficult for a long time now (you can't get cert info from the lock today).

I really wonder what their angle is...

I don't remember how it was before but I now can just click on the lock and click for the certificate info.
 
SSL/"Secure Web" is kind of a failure. If I ask any non-tech person (& even some tech people), they believe that the green lock/bar/etc means the site is "safe & secure". They make no distinction between "safe" & "secure", so when some phishing site buys a $6/yr (or hey, now it's free with lets encrypt!) TLS?SSL Domain Validation cert, and the my non-tech friend typos, they look, see the green bar & type in all their cc info or password into the phishing page and it's game over.

"But it had a lock! How is it possible someone stole my info?"
 
I hear ya, as working with certs is a bug part of my job. But Chrome has made this difficult for a long time now (you can't get cert info from the lock today).

I really wonder what their angle is...
To take the data they collect in Chrome and make sure it's theirs exclusively and third parties aren't collecting it and also selling it. To force the internet riff-raff off the web and make sure ad friendly businesses dominate the interwebs.
 
while i think the green lock should remain.. i was reading the other week about some hijack of a crypto website that people were going to it, and had to click past the SSL not working error to login. Then wondered HOW their info got compromised...
 
i assume EV http sites will have the green mark with there name on it still (like banking sites or other confirmed sites with EV on them) as HTTPs doesn't mean the site is secure and its the official site (not that an EV cert does as well but the requirements for an EV cert is far higher)

BBC UK news was saying make sure the site your on is HTTPs and the site is safe witch is very incorrect HTTPs just means the link to the site is encrypted (any one can get HTTPs certs)

Note if your ignore a cert warning and press the drop down and press proceed to unsafe site the HTTPs has RED and a Line threw it (on chrome and firefox you have to go out of your way to allow a broken cert)

cert info is easy to get just 2 clicks (one on lock and then cert) i agree they did hide it in 1-2 versions of chrome but they backtracked on that as it made it quite difficult to see the cert
 
I don't remember how it was before but I now can just click on the lock and click for the certificate info.
You're right! I'm not sure when that changed, but it brings it right up in the actual Windows certificate view (vs how Firefox brings it up in their GUI). You made my day.... thanks.

To take the data they collect in Chrome and make sure it's theirs exclusively and third parties aren't collecting it and also selling it. To force the internet riff-raff off the web and make sure ad friendly businesses dominate the interwebs.
I'm sure that is at least along the lines of what they are up to. They're not just looking to save a few pixels of screen real estate....
 
Back
Top