Maybe they will still keep the red lock

Yeah, they should go through with the change and have a tune icon. But as the oc said, should also have a red crossed out lock if the site is unencrypted. TLDR: keep the tune icon but also have a crossed lock for HTTP.

They will still warn about sites that don't use HTTPS or are using an untrusted or invalid certificate

They used to have 2 types of locks: a grey one that marks a site as using encryption and a green one that meant its safe to use. Everyone could get the gray one, while the green one was reserved to banks and people willing to pay millions of dollars for that green padlock. But for some unknown to me reason they removed the green padlock.

"There's no red lock? Must be a trustworthy site"

I think they will do that.

They likely have an ulterior motive here, probably to include something in that menu at some point. This decision seems strange and not thought out well which is always suspect.

Buddy that’s exactly what they’re doing. Now users won’t have a false sense of security and the sites that are http and invalid certificates will have a very prominent warning.

Many websites that are legit don’t have certificates as they don’t collect private information. It’s rather cumbersome and expensive to use them on e.g. the site of a local bake shop that doesn’t require visitors to login.

@@Ozymandias1 That's false. SSL-certificates are completely free of charge. In addition, it is dangerous to not use one like they mentioned in the video. You can insert malecious content into http packets

Still the best browser.

I disagree, I think it's an issue of poor user education.

@@gFamWeb Well, you can't force users to read documentation. The way to fix the user education is by using more intuitive icons like this Chrome change to basically normalize HTTPS, and communicates that HTTPS is the norm, but lack of it is usually a little fishy in today's web.

So now instead of looking at a website icon to at least get an idea of how safe it is, they make us click on the icon to check for every single site, then also confirm in the URL that there's no freaking @....zip. So intuitive 🙃

​@@gFamWeb You need to design your UI to meet your users' needs. You cannot design your users to fit your UI.

Yeah, the lock is meaningless unless you actually look at the certificate chain.

There are levels of verification that could (have) been used. For instance to get extended verification certs the issuer would verify contact information, physical addresses, &c along with the ownership of the domain. That could be better than giving no feedback, but i don't believe they're as heavily used anymore and the differences and distinctions were never conveyed to end users well.

Even my finances class at school peddled the idea that https is a key indicator that a shopping site is safe to use. Glad they're now doing more to clear up the confusion for end users.

That last point should be a good reason that CAs including Let's Encrypt and Cloudflare should be revoking certificates used for malicious purposes.

While I agree this is a huge problem and something should be done, I don't think this is the right fix. Now we expect users to click on something just to see the lock that they clearly don't understand in the first place?

The only thing I have to say to those people is to learn what these things are, not to change the world to suit those people who didn't. This is the mainstream non-tech people negatively affecting everyone else, pretty tired of this to be honest.

In the days of Let's Encrypt, it's as easy as entering two Terminal commands to get a trusted CA certificate though. The main issue still exists, that normal users associate the lock with a "secure website" rather than a "secure connection"

Since certificates from trusted CAs don't have any requirements anymore it is basically the same

Yeah and it's very clear. The lock just isn't needed here.

and not to sound mean, but the People 'bringing that up' and thinking they've found a loophole or problem - sorry fam, you're the exact demographic that this change is needed for. you don't understand how things work currently as is, and are misinterpreting the visual information being presented. exactly confirming that this change IS for the better!

@@taiiat0 Who are you talking to?

​@@taiiat0 You mean the people that want things to stay the way they are which is simple and easy to understand should not be complaining about a change that's going to make things more confusing?

​@@asandax6 it's not going to make anything more confusing, you're just not fully briefed on what is or isn't changing.

That won't deter scammers, they will just embed those security certificates on their web sites. Ponzi sites have done it for years, sites flashing their "EV Certificate", Comodo, verified by wave, etc, and when you did due diligence they did have EV......SO yeah all these certificates are pretty much fucking useless - scammers have the upper hand now.

No amount of changes will fix uneducated ignorant humans who fall for easy scams, you can tell them anything and they will believe.

That's their plan

i am suprised that you can't see your dad but i can see my immatureness

It already says "Not secure", if connection is http

@@martin0499 Well yeah, and I hope they keep doing something like that

​@@gsdtxzyou're definitely 13

Hello 👋

sup m8

Hey daddy

Wotcher, m8

Firefox ftw

I had a similar thought. Turns out they got their survey respondents from Clickworker. According to Clickworker's own site: “Our community now includes more than 4.5 million internet-savvy people from all over the world, our so-called Clickworkers.” Obviously this is marketing fluff, but I'd still guess that these people probably are a bit more Internet savvy than the average Chrome user

Firefox already have the same icon, but they still have a padlock icon for cert info. Switched from Chrome, cuz they went too far with shady things... Khm, khm softwarereportertool.exe, am I right google. They messed up KZbin too, dislike button, no option to choose video codec, etc.

@@sp4c33 Keep that padlock or we'll just use extensions to check cert validity and show it instead.

Pretty sure at this point in time people have mostly finished switching off Firefox, I know personally I mostly use Firefox but use non-google chromium based stuff when I really need to use a specific extension or for trying out web app stuff.

@@U1TR4F0RCE There are still people who use Firefox even though Mozilla is hard trying to make us switch to Chrome. Even after recent changes where Firefox devtools became buggy as hell they are still better than Chrome's. Only a little better though.

@@hubertnnn Been using FIrefox forks that say "X feature is retarded here is a toggle to turn it on if you want it otherwise old v14 UI"

Uneducated users don't make a feature bad, they (google) could have done a campaign to clear up what HTTPS is instead, for the general public. Now they're obfuscating the icon and hiding it behind another menu. HTTPS doesn't mean "you're secure", it means "your communication is secure".

been ther since version 40 next to the padlock.

I *think* they're going for a general "site settings" menu icon rather than a "site security (info/settings)" menu icon, even if it does house information about the site's security from that menu. I personally read it as a potential settings button immediately just from the dots and horizontal lines, but I can see how ambiguous it could potentially come across as to others.

the point is to *avoid* connotations with safety, because HTTPS does not make a site safe. it is a small technical detail that protects one tiny area of your interaction with this specific server, but that was never communicated to users. now everyone thinks that padlock makes a site safe, so we need to do our best to change how people think about safety. it will absolutely still warn you when HTTPS isnt being used, which does actually impact safety

@@Cheerybelle For me, personally, that icon is exactly my issue with their whole framework. For you (perhaps you're more used to Android?) it's recognizable as such - Maybe because the icon represents something in the most recent Android menus...? Or simply because you process visual information differently, and it just 'makes sense'? For me, it's extremely helpful to have colors involved in menus and in text (even if only 1 "call to action" color, or "this is ON" color). Button shapes also help; as do sliders where I can see the track (so i can immediately see if it's on/off) But the menu does not feel like a menu to me anymore, (if you know what I mean) Google has minimalized everything beyond usefulness. If the difference between icons that are OFF/ON is 20% Grey / 50% Grey... Or if only the subtitle text changes when I click on a menu item (like in the YT app settings on iOS)... I don't easily see that something is active or that something has changed. Like, it's harder for me to discern information from this type of UI. What I'm trying to say is: "this icon might not be logical to ME, because I don't find the menu style logical either" It's been minimalized beyond usefulness - makes sense the icon is useless for me too ;)

@@jotch_7627 I understand the need to avoid connotations with 'safety' as an iconographic statement; A lock means 'safe'. A shield means 'protected'. But does that mean ANY hint to 'find those type of settings here' must be annihilated? My point is that things like the magnifying glass, the 'cast to screen' icon, even the hamburger / meatballs / kebab menu icons - (someone needs to feed those devs, btw)... They all make sense (as does the paper airplane icon next to this textbox ->). They represent either the functionality (search = magnifying glass.. like an old timey detective) or which type of navigation you'll find underneath (hamburger = pulldown-esque list menu). This icon, however, looks to be more of a minimalist version of the 'translate' icon.... To me, that is. Or even a chat dialogue (person 1 speaks, person 2 replies. Perhaps with a bounding box, so I can SEE it's probably a slider. Or if the circle to the right ("ON") was filled in, and the circle to the left ("OFF") was more of a thin outline. That way it would have more of a connotation with an options menu, without deviating from the style. But that's my issue with the framework, most of the time. A lot of things are simplified too much - (to where they are no longer recognizable as the thing they should signify) - for the sake of a 'universal' / non-emotive / non-intrusive design framework. (Which I understand.. Edge, Opera, Chrome itself all run on the framework, and all have their own style. But to me that's still no excuse to make icons less readable - that kind of defies what icons were invented for in the first place; the ability to quickly navigate (be it a physical location or just information) This icon is for a browser in 2023, that won't be able to run on devices with 320x240 resolution... know what I mean? There is some room for a thin line for the sake of clarity, I should think. And a solid shape here or there to make line drawn icons easier to understand - that seems like a sacrifice well worth it. -- PS. I must give credits in other areas to Google: the new personal data / advertising / privacy menu: aaaamazing. For real. Clear differentiation between the different main menu items and sub items. Clear interface. (even icons, I believe - which makes it hella easier for me to locate what I'm looking for)

@@iggysixx Isn't their new privacy menu just "There are no options. We own your soul. You cannot disable this."?

Because many people, especially those that know a little bit about tech love to shit on big tech companies for the sake of it. Yes, Big Tech is scummy, but the actually scummy things are never criticized.

Because a lot of effort was put into making "Lock means trustworthy" with web browsers as an oversimplification.

plus, the job of an icon is to convey or represent something, right? for example if one comes across a globe, their brain automatically wouldn't associate it with a browser, as opposed to when seeing the representation of said globe as an icon on a computer/phone

"gee why would people associate it with meaning the site is secure when it says that next to it. clearly it means the connection between me and the site is secure because everyone learnt the OSI model."

@@parabolicpanorama the site *is* "secure" when it has the lock, it just isn't necessarily trustworthy. And again: what about a *lock* conveys trustworthiness?

It's 2023 and the number you see can still be faked. It shouldn't work like that. A connection FROM a number should be the exact same as TO the number. That way it couldn't be faked. But of course protecting people from scams would mean making less money from the scammers.

@@flameshana9 And scam calls is literally the only way landline phone providers make any money anymore, so they _really_ have a good reason to keep letting them through. This is exactly why we should have nationalized our telecom infrastructure ages ago instead of breaking it up.

Might not work as it looks like SHIT

That sounds like "shit TP" when I read it aloud...

probably never because it HTTP over SSH makes 0 sense

@@mihailmojsoski4202 For most of the internet, sure. But imagine you want to login to a website. Instead of using a username or password, you can just let SSH keys handle it. You've just removed the weakest link out of a login.

If you need to "educate" an everyday user it's poor ux design

@@0106johnny "what is this Square thingy?... Save why not make it a pen and paper sonny?"

​@@0106johnny if we went by that logic no one could make anything new. They'd just have to make stuff that people already understand from other stuff.

@@gFamWeb You can also make intuitive ux

Always been a thing? You just havent seen it

not new at all.

Mmm early 2000's firefox feature. Took them long enough to show it to the normies.

@@snintendog Those settings have been there for a very long time as well…

Well, that clearly says *connection* is secure, not *site* is secure. And if people can still misinterpret that, well, I guess we need to reeducate the users.

@@00001Htheprogrammer yes, it's extremely clear to you and I. Some people don't know what the word connection includes, neither what Secure includes (though the answer to that one is "the connection"). They just get the impression that they are connected to something secure and the browser seems to think that they shouldn't be concerned. As for educating users.. it's a tough task. Very tough. The best we could possibly do is have something pop up on every browser, including old ones, and hope the user hasn't trained themselves to ignore it. Thankfully, hiding it is a step in the right direction. But the event viewer on windows is pretty hidden but scammers still use it to trick people.

@@stevensavoie856 Yup. They probably should reword it as “connection is encrypted”. Unless some people still believe that encrypted = safe…

@@00001Htheprogrammer either way, it's a big improvement. The argument "people don't know what that actually means " doesn't work here because people don't know what "secure" means either.

It's because it didn't work anyway. People are stupid. The only way for that to be effective is for blocking any site that doesn't have an ev certificate and then the scammers would just get that

Because EV certs were ridiculous.

@@teh-maxh only if your an indian scammer

@@teh-maxh please tell me why you think EV certificates are ridiculous.

Phishing sites can easily spoof the organization name. Look up “Extended Validation Certificates are (Really, Really) Dead” by Troy Hunt

But how is not having a lock going to raise their concerns because every other site is also not going to have it? It makes zero difference

At least, they won't be 🔒 = website good. There will be a new symbol replacing that lock and if they are curious as to why there's no longer a 🔒on their websites, they would probably try clicking that new symbol and learning from what's shown there instead.

More like: "The users weren't born knowing how to use your product, but as the person who designed it, you basically were, so you're the last person on the planet who can be trusted to judge how intuitive it actually is."

@@stevethepocket True, but the avg user is very stupid. I say this from my experience in IT. My first instinct has become pebkac because you cannot trust the user.

@@kymotsujason The problem with this approach is that it leads to resentment and a disinclination to make things more user-friendly because "Why should I _help_ the idiots who are only making the planet dumber by their very existence?"

@@stevethepocket Maybe for some people, but for me this just means things like making sure the first and second lines of an email are the most important or sending a step by step guide with images, arrows, and red boxes. In my mind, it is a “they’re stupid so treat them as though they need babying at every step.”

They actually published a paper: “It builds trust with the customers” - Exploring User Perceptions of the Padlock Icon in Browser UI

Removing the lock is actually a good idea, as mentioned in the video.

@@stokbrood its a shitty idea , now most ppl wont notice the website is not secure and they can give their credentials

​@@wnsjimbo2863 nowadays SSL is cheap. Even https sites can get your data as they've the key. People just assume the sites is legit/thrustworthy with the lock icon, but scam / any malicious sites can have https. Getting rid of the icon is good. That doesnt mean chrome will not inform you when the sites is using https or not

​@@wnsjimbo2863 Http sites literally have big warnings. Even more obvious than before actually

@@samdbage9434 doing more harm than good there already is a solution but chromes Retarded UI made by dumbasses that got their job by being rich AF dont like using the Whitelisted Domains list in EV.

It's just faster and cleaner and incorporates well into the google ecosystem.

@@Tupsuu except none of that is true.

​@@snintendogFirefox is literally just slower than Chrome because of its Javascript engine. And current Opera is based on Chrome for that specific reason.

@@mihailmojsoski4202 Opera is *not* based on Chrome. It's based on Chromium. They just share a common base.

Well sir. The odds were not in your favor.

And it still shows a warning if HTTPS isn't being used.

I bet they will still show that. But there will only be the settings icon for normal https sites.

The title is confusing, I thought google really gonna remove a feature that is useful but it turns out google will just change a icon.

@@SPPR89 same

Firefox will follow google on this 100%

​@@Tupsuu Yup, this has been requested for at least two years now

"i use firefox because it's open source and doesn't track you" - fires up google maps and sets a destination

Firefox uses the Google search page as its homepage and default search engine.

How does it make it seem that way? Google doesn't even have the power to do that

@@flamingscar5263 I dont know maybe the title "Google Chrome Is Ditching This Feature"

@@SkooBalls except they are for their retarded UI philosophy.

It sounds like you are using Internet Explorer. Google has been there for a very long time. Also how is that relevant to this video?

@@Gramini It looks as though you can read, but not comprehend. My comment states that I use Firefox. In what way is your comment relevant to the video?

@@Acceleronics Oh wow... It looks as though you can read, but not comprehend. My comment was a joke. In what way is your comment relevant to the video?

@@Gramini So your comment was a joke but your question was not?

I thought Firefox has also switched to chromium

@@I_AM_NOVA. nope.

Chromium is just so much better

@@0106johnny nah. Unless users protest chromiums manifest v3s policy on AdBlock extensions you will have a lot less secure experience.

@@Denastus Lmao, you know that Firefox is dropping v2 as well, right?

You can do that on IE

I've been using a Firefox extension for many years that lets me set a home page for new tabs.

@@Acceleronics Yes, with foreign extensions you can, but not by default.

Nope. Loser. Grow up.

the site that has no https can also be mitm'd to include a form one day to sign up with no way for the end user to ever check if the site was updated or they're just at the wrong place.

basically there are an infinite amount of possible address because they aren't like actual files on your computer, it's just text that gets sent to a program

and yes, if you aren't using HTTPS, your ISP, ANYONE connected to your network and anyone in between can potentially see every single individual image. if you are using HTTPS only you and the website can see your photos.

and if you aren't using HTTPS anyone can also see your passwords, your credit card info and they can also technically change the content of the site

Good thing is that it works like you want. A site using plain http gets a warning next to the icon.