Firefox 70 is introducing new padlock icon security and identity indicators in the browser that will give less visual prominence to Extended Validation (EV) SSL certificates and draw more attention to sites delivered via the insecure HTTP protocol.
Google removed the EV indicators in Chrome 77, released in September, and Mozilla will do the same in Firefox 70, out later this month. This version removes the traditional green padlock icon plus the site owner's name from the address bar. The padlock for EV sites will now be the same as any normal HTTPS site.
Mozilla is also replacing the green padlock with a gray padlock for HTTPS sites and will now show a padlock with a red strike-through for all HTTP and FTP connections.
"The formerly green lock icon will now become gray, with the intention of de-emphasizing the default (secure) connection state and instead putting more emphasis on broken or insecure connections," explained Mozilla's Johann Hofmann.
As with Chrome, the EV certificate information is still available but the user needs to click the padlock icon to reveal the "Site information" panel.
Mozilla notes that the main downside of showing EV indicators in the address bar is that it relies on users noticing the absence of the EV indicator on a malicious site.
"This change will hide the indicator from the majority of our users while keeping it accessible for those who need to access it. It also avoids ambiguities that could previously arise when the entity name in the URL bar was cut off to make space for the URL," noted Hofmann.
The crossed-out padlock icon is being introduced in response to the rising adoption of HTTPS. Currently about 80% of pages loaded in Firefox are over HTTPS.
Additionally, Firefox will no longer have an 'information' icon to the left of the padlock. Its functionality has been moved to the padlock.