Mozilla wants to prevent confusion and clean up the Firefox UI
Firefox 12 is about to make its appearance, but the interesting things are happening further up the stream, in the nightly builds for example. One of the latest changes to Firefox 14, one that is once again inspired by Chrome, is the removal of favicons from the address bar, the AwesomeBar as it's called in Firefox.There are a couple of reasons for this, for one the information is redundant, the favicon is already visible in the tab. Granted, it's easier to spot in the AwesomeBar than in the tab bar, especially if you have many tabs open, but it's not something that most people will miss.
Mozilla has been working in cleaning up the Firefox UI and removing unnecessary elements. The forward button was removed a few versions back, on Windows, unless there really is a page to go forward to.
Plenty of other tweaks and changes have had the same goal, and that is removing unnecessary clutter. So removing an element that is already visible in another part of the UI is an obvious move.
Already, the case against the AwesomeBar favicon looks strong, but the biggest reason for the removal is security. Its placement next to the security elements that indicate whether a page uses a secured HTTPS connection or an unencrypted HTTP one made it a target for websites that use favicons that mimic the lock that Firefox uses.
"Since the dawn of time, we have included the site favicon in the address bar as part of the site-identity block. While the favicon can represent a piece of a site’s identity, there are some sites that set their favicon to a padlock," Mozilla's Jaren Wein wrote on his blog.
"This behavior can trick users into thinking that a site is using a secure connection when on an unsecured connection. Starting with yesterday’s Nightly, we will no longer include the favicon in the address bar," he announced.
Starting with Firefox 14, sites that use SSL certificates with Extended Validation will have green padlock icon in the address bar, but they will also have the name of the certificate’s owner.
Sites using SSL certificates without Extended Validation will have a gray padlock and no name. Finally, regular websites or those that only encrypt some elements will get a globe icon. All of them look very similar to Chrome's.
The changes are for the good, though the fact that the same icon will be used for plain HTTP sites as well as for sites having mixed content, i.e. the connection to the main domain may be encrypted but there may be scripts on the page which don't use an encrypted connection, will likely cause more confusion rather than less.
Users will see the same icon for plain sites and will see it for sites that have HTTPS in their URLs and they will not know why.