Original FR: https://orionfeedback.org/d/8377-add-the-padlock-icon-for-https-websites
This suggestion has been discussed in the thread above, but I couldn’t find a FR for this.
7
Padlock showing algorithm on insecure websites
Vlad added the Under Review tag .
Yes, a padlock should not be shown on a new tab - tab.
- Edited
Now that I've spent a day with the new 
️ symbol, one idea crossed my mind:
When the user has
Show Full URLsenabled, the HTTP/HTTPS status is clearly visible:
Moreover, when I have that setting enabled, I'd like to see as much of the URL as possible. The inclusion of the padlock seems to hinder this goal, not to mention the substantially larger amount of padding between the right edge of the URL and the reload button compared to the left edge.
When the user has
Show Full URLsdisabled, the padlock adds valuable information that is now available at a quick glance:
Therefore, I think it would be worth considering the following.
- Remove the padlock entirely when
Show Full URLsis enabled as it doesn't add any new information to the UI. Another argument in favor of this is that I'd assume that most Full URL users are power users. I could be wrong about that though. - Keep the padlock when the user has
Show Full URLsdisabled as it adds information, making their browsing experience more secure.
With the above, we would be able to skip adding yet another toggle in the settings.
What do you all think?
laiz Personally, I think the lock should only be displayed on insecure sites.
Google ditched their lock because SSL certificates alone don’t classify a site as non-malicious. Same with the green address bar.
Almost every page on the internet has a certificate so there’s no need to clutter the UI. Displaying the broken lock on insecure sites adds value because it notifies the user of an issue.
I also use “show full URLs” and would prefer to see as much of URL as possible.
Can someone summarize the consensus?
ForumNinja404
This is also how I view it; no message (= no padlock) means everything is working as expected and the UI remains clean. My suggestion above would be a compromise between that and hopefully benefitting the average user. Of course if everything was catered to me, there would be a simple toggle in the settings for the padlock.
Vlad
I don't think a consensus has been reached, but the three leading ideas are:
- Only show the padlock on non-https sites
pros: minimalistic, clean, this is the approach that, in my mind, resonates with what Orion is
cons: the implementation differs from Safari, some inexperienced users might be startled by the lack of the padlock on their toolbar - Let the user choose between the current Testflight implementation (the padlock always being shown) and idea 1
pros: give user the control
cons: yet another toggle in the settings - (see my comment above)
Show Full URLsEnabled -> no padlocks as http(s) is always shown anyway;Show Full URLsdisabled -> always show padlock as there is plenty of UI space for it.
pros: should be a good compromise, and it gives both the average user and the power user what they seek (I am aware not everyone agrees)
cons: havingShow Full URLscontrol the padlock visibility is unintuitive
- Edited
- Best Answerset by Vlad
(see my comment above) Show Full URLsEnabled -> no padlocks as http(s) is always shown anyway; Show Full URLsdisabled -> always show padlock as there is plenty of UI space for it.
pros: should be a good compromise, and it gives both the average user and the power user what they seek (I am aware not everyone agrees)
cons: having Show Full URLs control the padlock visibility is unintuitive
This makes sense we can go with it
Thanks for summarizing it!
Vlad changed the title to Padlock showing algorithm on insecure websites .
12 days later
19 days later
No one is typing