
The lock icon indicates that a web page was loaded using the HTTPS protocol. Years ago, this was quite remarkable, as HTTPS gives web users encryption and better security. But almost all sites now use HTTPS, including malicious websites. At this point, the lock icon is basically just for show.
Visit any website and a lock icon will almost certainly appear in your address bar. This little lock can make you believe that a website is secure, but in reality the lock icon doesn’t mean much. It simply indicates that a website was loaded via HTTPS, rather than HTTP.
Older HTTP connections were pretty easy to intercept, especially on public Wi-Fi. The HTTPS standard was introduced in the 1990s as a more secure alternative to HTTP. It encrypts your connection, making it harder for bad actors to spy on your web activity or deliver malware to your computer.
Until recently, HTTPS was a bit of a niche. It was mainly used by websites that handled sensitive information, such as banking websites. That’s why Netscape introduced the lock icon: the icon signaled that your connection was secure.
But a secure connection does not mean that a website is trustworthy. Anyone can set up a website with an HTTPS certificate, even hackers and other bad actors. In fact, most phishing websites use HTTPS.
And this is where the confusion begins. Almost all websites now use HTTPS, but in a recent study, Google found that only 11% of people know what the lock icon means. Some people have no idea what it means, while others incorrectly assume it’s a sign of trustworthiness.
For this reason, Google is trying something new. It plans to remove the lock icon from Chrome. In the future, users will be warned if they visit an old HTTP page, but they won’t see any notice when visiting an HTTPS website. We assume that other browsers will follow in Google’s footsteps.