Comment by jwr
15 days ago
I really dislike this trend that unfortunately has become, well, a trend. And has followers. Namely, let's simplify to "reduce noise" and "not overwhelm users", because "the majority of users don't need…".
This is spreading like a plague: browser address bars are being trimmed down to nothing. Good luck figuring out which protocol you're using, or soon which website you are talking to. The TLS/SSL padlock is gone, so is the way to look into the site certificate (good luck doing that on recent Safari versions). Because users might be confused.
Well the users are not as dumb as you condescendingly make them out to be.
And if you really want to hide information, make it a config setting. Ask users if they want "dumbo mode" and see if they really do.
The TLS thing at least kind of makes sense. 99.9% of sites that the typical user visits will have a correctly configured and trusted certificate and communicate over TLS, so the browsers only show an indicator when that’s not the case. I think it’s a sensible evolution given how the internet has changed.
Again with the "99.9%" argument. This is always the beginning of a path towards dumbing things down. "99% of users…, 99% of sites…, in 99% of cases…" — this is always how these things begin.
Also, was the padlock really such a problem? Did it really have to be removed? If not, perhaps another easily accessible way to access this data could be invented. Like, I don't know, a menu item perhaps?
In chrome on macOS, the information is still there. It’s right where it used to be, to the left of the url. But quickly glancing at safari on Mac and phone I wasn’t able to find the information at all, which, yeah, I disagree with that decision.
Both browsers show “not secure” pretty prominently for non-TLS sites, and very loudly complain about sites with untrusted certificates, so the absence of either of those things signals a trusted cert, which is now the most common case by a very wide margin for me.