Good to see that the Chrome browser (the most widely-used in the world) is going to remove the ‘lock’ icon shown on sites using https. This has always been confusing, suggesting to users that the site is somehow ‘trustworthy’, whereas all it means is that the connection is a secure channel between the browser and site.
Chrome’s designers at Google say: “Despite our best efforts, our research in 2021 showed that only 11% of study participants correctly understood the precise meaning of the lock icon. This misunderstanding is not harmless — nearly all phishing sites use HTTPS, and therefore also display the lock icon.”
The replacement will be an icon which does not instantly imply anything (below), but it seems will be clickable to reveal more information. “On all platforms”, Google continues, “We will continue to mark plaintext HTTP as insecure.”