Jul 10 2017

Recent and Continuous Changes

Published by

Without warning or notification to users or website owners, the EVC appearance in the URL changed in early October 2016, in Chrome. Prior to October 2016, the interface in the URL appeared as a green bar, as seen in Figure 1 below. After the sudden change, the green bar was removed, in favour of green text with a white background (Figure 2). While this appearance is less noticeable and looks less ‘clickable’, it does match the appearance of the EVC in Firefox and Edge. We are unsure of the reason for the change: it may well be connected with the study by Felt et al. (2016) on regularizing indicators.

 

Figure 1. EVC appearance on Chrome before October 2016.

Figure 2. EV appearance on Chrome after October, 2016.

 

Another shift in their appearances occurred in January, 2017, where the appearance of EVCs was resigned, as shown in Figure 3. However, this change only lasted for two months. As of March, 2017, the appearance reverted to the format seen in Figure 2.

Figure 3. EV appearance on Chrome in January, 2017. Now a DV cert. 

However, now, the procedure to get more information has changed and can no longer be accessed through clicking on the green text in the EVC (Figure 4). All certificate information now has to be accessed through a separate menu, in the settings option on the far right of Chrome’s chrome (Figure 5). Then, a security tab needs to be accessed by clicking on arrows to show more options (i.e. it is not immediately accessible).

 

Figure 4. Old procedure to view certificate information (before March, 2017) .

Figure 5. Current procedure to view certificate information (After March, 2017) .

Continuously changing the interface, without notification, makes it hard for users to understand and keep track of what symbols they can trust and what each means. It also makes it hard for CAs to advertise and explain their products, when they do not know how it will appear in a browser. Public safety educators also struggle to keep up with the changes in the interfaces, potentially teaching irrelevant material to users. Thus, users, website owners, CA’s and online public safety educators should be notified of changes made to certificates, and especially EVCs, to help everyone identify genuine websites easier.

The new certificate appearance and procedure to acquire more information about website ownership need to be tested with users, for usability, visibility, and recognisability.