Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

No more "lock" icon in Safari when using https?

zorinlynx

zorinlynx

macrumors G3
Original poster
May 31, 2007
8,418
19,065
Florida, USA
I noticed there's no "lock" icon in the URL bar when connected to an SSL site in Safari on 15.4.

My other Mac still on 15.3.2 still shows the lock icon.

Is anyone else seeing this? Wondering if it this is "me issue" or a "we issue".
 
  • Like
Reactions: TheLisnakFactor
Wow. This is an insanely terrible decision. Lock icon was a quick glance check to make sure I was using https. Now I have no idea unless I poke into "Connection Security..." in the menu bar?

Why did anyone think removing the lock icon was a good idea!?

Thanks for the link though. I tried to look for changelogs but couldn't find this one easily.
 
  • Like
Reactions: TheLisnakFactor and Nermal
It's most probably related to more prominent warnings on all non-secure connections.
 
zorinlynx said:
Why did anyone think removing the lock icon was a good idea!?
Click to expand...
Almost all sites now use HTTPs. Safari displays Not Secure in the address bar if a site isn’t using HTTPS.

If an unencrypted website has requested your password or credit card information, Safari warns you that the page you are on isn't secure.

If you tap or click into the form to sign in or enter information, you'll see a more prominent warning in the address field.

Settings app > Apps > Safari. Under Privacy and Security you can turn on the Not Secure Connection Warning option. This will display a full page warning if you visit a site that doesn’t use a secure connection.
 
  • Like
Reactions: nathansz
galad said:
Safari is set by default to display a full page warning when trying to load a http website. So there is no way to load one by mistake.
Click to expand...
The full page warning isn’t on by default. It can be turned on in Settings.
 
  • Like
Reactions: aj8690
Nearly all business or shopping websites, news publications, and company IT departments have trained users to look for the lock icon in any browser to ensure that a site is secure, and to click on the lock the view the certificate. I doubt that many of these sources will take the time to explain how to check for security in newer versions of Safari. Even worse, some sources may start spreading misinformation about https compatibility in Safari to discourage people from Macs.
 
Last edited:
  • Sad
Reactions: Nermal
Also, https-by-default (https-First) can be enabled in Feature Flags
https-by-default.jpg

"Show features for web developers
Access tools for developing websites with Safari. Show the Develop menu in the menu bar and show Developer and Feature Flags settings in Safari Settings."
https://support.apple.com/guide/safari/advanced-ibrw1075/mac
 
  • Like
Reactions: Snørrbjørg
Google removed the lock icon from Chrome in 2023.

blog.chromium.org

An Update on the Lock Icon

Editor’s note: based on industry research (from Chrome and others), and the ubiquity of HTTPS, we will be replacing the lock icon in Chrome’...
blog.chromium.org blog.chromium.org
 
zorinlynx said:
Wow. This is an insanely terrible decision. Lock icon was a quick glance check to make sure I was using https. Now I have no idea unless I poke into "Connection Security..." in the menu bar?

Why did anyone think removing the lock icon was a good idea!?

Thanks for the link though. I tried to look for changelogs but couldn't find this one easily.
Click to expand...
The lock icon also led unknowing people think they were on a secure and legit website, when in fact it’s only the connection that’s secure and they could still be on a phishing site.
 
  • Like
Reactions: mystery hill
While the change to desktop Safari is a little obnoxious, it's nice to be able to view certs on iOS. I've been waiting for that capability for a while.
 
mystery hill said:
Settings app > Apps > Safari. Under Privacy and Security you can turn on the Not Secure Connection Warning option. This will display a full page warning if you visit a site that doesn’t use a secure connection.
Click to expand...
I think that is for iOS. This thread is more focused on macOS version Safari.
 
Last edited:
This is an understandable change, since most of websites are already adopted HTTPS, and Safari will block non-HTTPS urls by default. Also, some people have inaccurate understanding of HTTPS and the padlock icon, they might think the website is trustworthy since it says "secure". But in fact only the connection is secured.

Sometimes I use the padlock icon to check if I have stable internet connection or if the website is reachable. Now it's gone, I'm missing it a bit.
 
baconcat_8964 said:
Also, some people have inaccurate understanding of HTTPS and the padlock icon, they might think the website is trustworthy since it says "secure". But in fact only the connection is secured.
Click to expand...
Because Google and Apple put that idea in their heads for the last decade.
 
Bad move on Apple' part. Bring back the icon.

www.apple.com

Product Feedback

We would love to hear your comments about any of our hardware and software products. Send us your thoughts.
www.apple.com
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back