The grey ‘circle with an i’ symbol indicates your connection is not secure.
Have you seen this ‘circle with an i’ icon in Google’s Chrome web browser? Wondered what it meant?
We have the answer.
The lowercase i with a circle around it is formally known as the Information Symbol. It tells you when your connection to a website is not secure.
When you connect to a website your browser uses the HTTP protocol or the HTTPS protocol. Which one is used depends on what the website tells your browser to do.
The meaning of those acronyms don’t matter – what you want to know is that one of those protocols is secure and one isn’t.
HTTP is not secure. When you are connected to a website over HTTP the content of the page can easily be changed and the information you enter in can easily be stolen. You will see the grey circle with an i – the “Information Symbol” – when you are connected over HTTP. Here is an example:
HTTPS (notice the S on the end) is the secure protocol. HTTPS adds SSL (another protocol) into the mix to provide encryption and authentication which keeps the information private between your computer and the website.
Google Chrome likes when websites use HTTPS because it means they can feel more confident that your information is safe.
When you have a secure connection Chrome will display a ‘padlock’ icon. Just seeing “https://” on its own is not enough – if the padlock is not there then your connection is not completely secure.
Why it matters?
If you are seeing this icon it means any information you share with the website is not secure because the connection was made with the HTTP protocol.
There are two major threats when you connect over HTTP:
- Data that you send and receive can easily be stolen. You should never enter passwords or credit card numbers on a page showing this icon. If you do, that data is being sent onto the internet without encryption where it could be read and stolen by other parties that can view internet traffic.
- The content on the page could be modified or replaced using a ‘man-in-the-middle’ attack. This could be obtrusive – such as inserting advertisements onto the page, or malicious – such as stealing cookies. This threat is significantly more likely when you are on public wifi networks such as at the airport or a coffee shop.
Many websites still use HTTP, but any site that asks you for personal or financial information needs to be using HTTPS or they cannot make any guarantees about the safety of your information. It’s always better to use HTTPS – even when you are just browsing. But there is less danger if you are not giving sensitive information.
The security of your connection can change on every page of a website. That is because the server running the website may only provide a secure connection on certain areas of the site – such as during the checkout process.
Before you enter your login or financial information double check that you are seeing the padlock icon, which indicates your connection is secure.
Most websites that support HTTPS use it by default. But you can try adding “https://” to the beginning of a URL to test if the site supports it. If Chrome returns an error or cannot display the page, then that site does not support HTTPS. It is up to each website to support the HTTPS protocol – there is nothing you can do on your end to fix this (besides contact the site to tell them).
It is important to know that HTTPS and the ‘padlock’ can only tell you about the security of your connection – the padlock icon does not guarantee the site you are on is legitimate. You can have a secure connection with a phishing site; similar to how a stock being listed on the New York Stock Exchange does not mean it’s a safe investment.
So don’t let your guard down just because you see the padlock! Always check the URL to make sure you are on a legitimate site and still use your sense of caution when giving information to a new site.