Firefox 70 is introducing new padlock icon security and identity indicators in the browser that will give less visual prominence to Extended Validation (EV) SSL certificates and draw more attention to sites delivered via the insecure HTTP protocol.
In August, Mozilla and Google Chrome developers discussed removing EV SSL indicators from the address bar because the indicators don't convey anything about the security and authenticity of a site.
Google removed the EV indicators in Chrome 77, released in September, and Mozilla will do the same in Firefox 70, out later this month. This version removes the traditional green padlock icon plus the site owner's name from the address bar. The padlock for EV sites will now be the same as any normal HTTPS site.
Mozilla is also ditching the green padlock for a gray padlock for HTTPS sites and will now use a red strike through the padlock for all HTTP and FTP connections.
"The formerly green lock icon will now become gray, with the intention of de-emphasizing the default (secure) connection state and instead putting more emphasis on broken or insecure connections," explained Mozilla's Johann Hofmann.
As with Chrome, the EV certificate information is still available but the user needs to click the padlock icon to reveal the "Site information" panel.
Mozilla notes that the main downside of showing EV indicators in the address bar is that users must notice the absence of the EV indicator on a malicious site.
"This change will hide the indicator from the majority of our users while keeping it accessible for those who need to access it. It also avoids ambiguities that could previously arise when the entity name in the URL bar was cut off to make space for the URL," noted Hofmann.
The crossed-out padlock icon is being introduced in response to the rising adoption of HTTPS. Currently about 80% of pages loaded in Firefox are over HTTPS.
Additionally, Firefox will no longer have an 'information' icon to the left of the padlock. Its functionality has been moved to the padlock.
Firefox 70 will also introduce a shield or 'protections' icon to indicate when the browser's new anti-tracking features are enabled, active or disabled. In Firefox 69, Mozilla enabled anti-tracking by default for all users.
A gray shield indicates protections are enabled, purple indicates they are active, and a crossed-out shield indicates that the user has disabled protections for the site.
Firefox 70 is scheduled for release on October 22.