Google has long wanted to replace the lock icon in Chrome’s address bar, and it’s finally proceeding with those plans in September as part of a broader browser redesign.
The company notes how “browsers have shown a lock icon when a site loads over HTTPS since the early versions of Netscape in the 1990s.” As of today, over 95% of page loads in Chrome (for Windows) happen using HTTPS. Given the widespread adoption, Google wants to “re-evaluate how we signal security protections in the browser.”
When HTTPS was rare, the lock icon drew attention to the additional protections provided by HTTPS. Today, this is no longer true, and HTTPS is the norm, not the exception, and we’ve been evolving Chrome accordingly.
Another factor is that the lock icon implies trustworthiness when it shouldn’t:
Despite our best efforts, our research in 2021 showed that only 11% of study participants correctly understood the precise meaning of the lock icon. This misunderstanding is not harmless — nearly all phishing sites use HTTPS, and therefore also display the lock icon. Misunderstandings are so pervasive that many organizations, including the FBI, publish explicit guidance that the lock icon is not an indicator of website safety.
Chrome is replacing the lock with a “tune” icon after previously trialing an upside-down chevron. This new design is meant to be a “neutral indicator” while also implying that “security should be the default state in Chrome.” It evokes toggles/switches, and Google overall finds that the new icon:
- Does not imply “trustworthy”
- Is more obviously clickable
- Is commonly associated with settings or other controls
The latter benefit “helps make permission controls and additional security information more accessible.” Previously, research showed that users didn’t understand how clicking the lock icon showed those controls. The browser will continue to mark HTTP as insecure in the address bar.
Google is launching the new tune icon with Chrome 117 in early September 2023 as part of the broader Material You redesign on desktop, which we showed off yesterday. (Note the Material 3-style toggles and pill-shaped buttons above.) It’s also coming to Chrome for Android, while the iOS app will remove the lock icon entirely since it isn’t a tappable button today.
You can see the new tune icon now in Chrome Canary if you enable Chrome Refresh 2023 at chrome://flags#chrome-refresh-2023, but keep in mind this flag enables work that is still actively in-progress and under development, and does not represent a final product.
More on Google Chrome:
FTC: We use income earning auto affiliate links. More.