So, both Apple and Google have decided to be quiet about letting you know a page is not as secure as it should be. Instead of showing you a warning, they’ve opted to just show the page as insecure and not raise any concerns. It’s a fair point. Most folks STILL don’t know to look for the “lock icon” showing that a site is running a secure connection. Heck, this block runs in the clear currently. Why bother the user’s pretty little head with scary symbols?
Well, probably for the same reason that if your Factory Authorized Vehicle Service told you “Oh that? Yeah, just put some black tape over that “Check Engine” light. It’ll be fine!” you’d probably consider going somewhere else to get your brakes checked.
The problem is that the page has said “i’m going to be secure. Everything we talk about is going to be encrypted. It’s safe here, so you can talk about anything.”
Only it’s not. It’s invited friends, some of which can’t keep their mouths shut.
So the browser has instead said “Yeah, no, this isn’t a safe spot, so no encryption. No lock for you, but it’s a normal page.”
But it’s not. The site is going to do things based on the idea that the page is safe, like ask your for passwords or personal info. Sure, you may realize that it’s a bad idea, but the folks far less familiar with security (that would be the VAST MAJORITY of people online) will look at the happy plain-gray icon and feel it’s A-OK to type in their credentials, because there’s nothing to scare them off from doing it.
Yes, having that odd looking icon is troubling and confusing to users. That’s kind of the point. It’s the proverbial “Check Engine” light of the internet and yes, there’s going to be some users that happily ignore it and horrible things will happen to them. Those folk are doomed to their gleeful ignorance regardless.
i’d rather not doom the small percentage of folks that have Darwin-like evolved to look for those warning signs.
Oh, and by the way? Go secure your site. It’s free now.