The little lock icon that appears on the Chrome browser’s web address bar may fill you with comfort when you see it. But Google plans on retiring the feature, saying it’s outlived its use.  

The lock icon is meant to be a helpful indicator to show you a site’s HTTP connection is encrypted, which is also known as HTTPS. But according to Google, the lock icon can mislead users into thinking a website is safe and secure to use. 

In reality, the lock icon only designates that a website is secured with HTTPS, preventing the traffic from being transmitted in plain text, thereby stopping eavesdropping. However, a phishing page that hosts malware can also trigger the lock icon to appear on Chrome. The hacker simply needs to install an SSL certificate with their phishing site to secure the connection with HTTPS.

“This misunderstanding is not harmless—nearly all phishing sites use HTTPS, and therefore also display the lock icon,” the company wrote(Opens in a new window) in a blog post on Tuesday.  “Misunderstandings are so pervasive that many organizations, including the FBI(Opens in a new window), publish explicit guidance that the lock icon is not an indicator of website safety.”

The company adds that its own research from 2021 showed(Opens in a new window) “that only 11% of study participants correctly understood the precise meaning of the lock icon.”

For years, Google resorted to displaying the lock icon on Chrome in an effort to push the entire web ecosystem to adopt HTTPS. But now that over 95% of the page loads on Chrome occur over HTTPS, the company has decided it’s time to move on from lock icon, calling it “remnant of an era where HTTPS was uncommon.”

Google will replace the feature with a new “tune” icon, which can open up additional privacy-related controls to the visited site. “Replacing the lock icon with a neutral indicator prevents the misunderstanding that the lock icon is associated with the trustworthiness of a page, and emphasizes that security should be the default state in Chrome,” the company says. 

The company also says many users never realized clicking the lock icon can show additional controls, such as the ability to shut off notifications from a site, or to cut off its access to the web camera or microphone.

“We think the new icon helps make permission controls and additional security information more accessible, while avoiding the misunderstandings that plague the lock icon,” Google adds. 

The company is still tinkering with the final look of the tune icon and it remains to be seen if consumers will be confused with the change. But expect the transistion to occur in Chrome 117, which is scheduled to release in early September. For sites that fail to use HTTPS, Chrome will immediately show the user a page that warns that the connection to the visited site “is not secure” before loading the page. 

“We’ll be replacing the lock icon on Android at the same time as the broader desktop change,” Google adds. “On iOS, the lock icon is not tappable, so we will be removing it entirely.”