Google has announced that it will be removing the lock icon that appears in Chrome's address bar in an effort to improve security. The new icon, a neutral “Settings” icon, will be rolled out in the Chrome 117 release on 12 September. The move is aimed at improving the browser interface and promoting safety as the default state online. The only case in which the new icon won’t be shown is when a connection is established without encryption; in that case the “Not protected” indicator will continue to be displayed.
Explaining the rationale behind the change, Google said that the lock icon is often misinterpreted as a sign of a website’s general security and trustworthiness, rather than as an indicator that traffic is encrypted. A recent poll conducted by Google revealed that only 11% of users actually understood the purpose of the lock indicator. The confusion is so widespread that even the FBI was forced to publish a recommendation explaining that the lock icon shouldn’t be interpreted as a measure of a site’s overall security.
Nowadays, almost all sites use HTTPS, and traffic encryption is the norm rather than something that demands attention. Malicious and phishing sites use the same encryption as any other site, so displaying a lock icon creates false expectations.
The change to the icon will also help users understand more clearly that clicking the icon opens a menu. The updated interface is already available in experimental Chrome Canary builds and can be enabled via the “chrome://flags#chrome-refresh-2023” parameter.