Chrome Says Goodbye to Green “Secure” Lock on HTTPS Sites

Discussion in '[H]ard|OCP Front Page News' started by Megalith, May 20, 2018.

  1. Megalith

    Megalith 24-bit/48kHz Staff Member

    Messages:
    12,102
    Joined:
    Aug 20, 2006
    Now that HTTPS is becoming the norm and "users should expect that the web is safe by default," future versions of Chrome will no longer show a green security badge to indicate whether a website is secure or not. On the flip side, HTTP sites will now carry a red warning label to warn users that they are visiting an insecure page.

    By May 12, 83 percent of websites visited by people browsing on Chrome using Windows were HTTPS pages. It's gotten to the point for Google where you're much more likely to visit an HTTPS page on Chrome than a nonsecure page. With that mindset, if something is the norm, you don't really need a label telling you that everything is normal.
     
  2. Dead Parrot

    Dead Parrot [H]ard|Gawd

    Messages:
    1,640
    Joined:
    Mar 4, 2013
    Really hope they keep the green lock for a long while. A lot of folks are stuck with one system at work and one or more at home. Much easier to have them check for a green lock for secure connection to site for all systems then Good is nothing on Chrome, Green Lock on Firefox, and whatever Edge is showing on their Win 10 at work.
     
  3. Lakados

    Lakados Limp Gawd

    Messages:
    489
    Joined:
    Feb 3, 2014
    The green secure lock just goes to provide a false sense of security. Why bother to try to hack the connection between the user and the site when you can just hack the site or the user. If the past few years have taught us anything it’s that if the data exists on the internet somebody will find a way into it sooner than later.
     
    Last edited: May 21, 2018
    GSDragoon and clockdogg like this.
  4. BloodyIron

    BloodyIron 2[H]4U

    Messages:
    2,379
    Joined:
    Jul 11, 2005
    As an IT professional, the green lock helps me get the cert info quickly. Which can help me diagnose if I setup the cert chain correctly...

    Please don't make my job harder.
     
  5. Chas

    Chas [H]ardness Supreme

    Messages:
    6,499
    Joined:
    Oct 31, 2005

    Google's currrent motto: Evil's kinda fun! SCREW YOU!
     
  6. Flapjack

    Flapjack 2[H]4U

    Messages:
    3,160
    Joined:
    Apr 29, 2000
    I hear ya, as working with certs is a bug part of my job. But Chrome has made this difficult for a long time now (you can't get cert info from the lock today).

    I really wonder what their angle is...
     
  7. Vathral

    Vathral Limp Gawd

    Messages:
    215
    Joined:
    Jan 9, 2008
    I don't remember how it was before but I now can just click on the lock and click for the certificate info.
     
    Flapjack likes this.
  8. /dev/null

    /dev/null [H]ardForum Junkie

    Messages:
    13,683
    Joined:
    Mar 31, 2001
    SSL/"Secure Web" is kind of a failure. If I ask any non-tech person (& even some tech people), they believe that the green lock/bar/etc means the site is "safe & secure". They make no distinction between "safe" & "secure", so when some phishing site buys a $6/yr (or hey, now it's free with lets encrypt!) TLS?SSL Domain Validation cert, and the my non-tech friend typos, they look, see the green bar & type in all their cc info or password into the phishing page and it's game over.

    "But it had a lock! How is it possible someone stole my info?"
     
  9. _l_

    _l_ Gawd

    Messages:
    805
    Joined:
    Nov 27, 2016
    gotta steer clear of those insecure websites :cool:
     
  10. jpm100

    jpm100 [H]ardness Supreme

    Messages:
    6,918
    Joined:
    Oct 31, 2004
    To take the data they collect in Chrome and make sure it's theirs exclusively and third parties aren't collecting it and also selling it. To force the internet riff-raff off the web and make sure ad friendly businesses dominate the interwebs.
     
  11. katanaD

    katanaD [H]ard|Gawd

    Messages:
    1,072
    Joined:
    Nov 15, 2016
    while i think the green lock should remain.. i was reading the other week about some hijack of a crypto website that people were going to it, and had to click past the SSL not working error to login. Then wondered HOW their info got compromised...
     
  12. likeman

    likeman Limp Gawd

    Messages:
    388
    Joined:
    Aug 17, 2011
    i assume EV http sites will have the green mark with there name on it still (like banking sites or other confirmed sites with EV on them) as HTTPs doesn't mean the site is secure and its the official site (not that an EV cert does as well but the requirements for an EV cert is far higher)

    BBC UK news was saying make sure the site your on is HTTPs and the site is safe witch is very incorrect HTTPs just means the link to the site is encrypted (any one can get HTTPs certs)

    Note if your ignore a cert warning and press the drop down and press proceed to unsafe site the HTTPs has RED and a Line threw it (on chrome and firefox you have to go out of your way to allow a broken cert)

    cert info is easy to get just 2 clicks (one on lock and then cert) i agree they did hide it in 1-2 versions of chrome but they backtracked on that as it made it quite difficult to see the cert
     
  13. Flapjack

    Flapjack 2[H]4U

    Messages:
    3,160
    Joined:
    Apr 29, 2000
    You're right! I'm not sure when that changed, but it brings it right up in the actual Windows certificate view (vs how Firefox brings it up in their GUI). You made my day.... thanks.

    I'm sure that is at least along the lines of what they are up to. They're not just looking to save a few pixels of screen real estate....
     
  14. Nobu

    Nobu [H]ard|Gawd

    Messages:
    1,608
    Joined:
    Jun 7, 2007
    F12 then open the "Security" pane, if that helps any. Not sure if that's what you're looking for exactly.