Slashdot Mirror

← Back to Stories (view on slashdot.org)

'Here's Where Google Hid Chrome's SSL Certificate Information' (vortex.com)

Posted by EditorDavid on from the searching-for-certs dept.

"Google Chrome users have been contacting me wondering why they no longer could access the detailed status of Chrome https: connections, or view the organization and other data associated with SSL certificates for those connections," writes Slashdot reader Lauren Weinstein, adding "Google took a simple click in an intuitive place and replaced it with a bunch of clicks scattered around." Up to now for the stable version of Chrome, you simply clicked the little green padlock icon on an https: connection, clicked on the "Details" link that appeared, and a panel then opened that gave you that status, along with an obvious button to click for viewing the actual certificate data such as Organization, issuance and expiration dates, etc. Suddenly, that "Details" link no longer is present...

The full certificate data is available from the "Developers tools" panel under the "Security" label. In fact, that's where this info has been for quite some time, but since the now missing "Details" link took you directly to that panel, most users probably didn't even realize that they were deep in the Developers tools section of the browser.
On some systems you can just press F12, but the alternate route is to click on the three vertical dots in the upper right, then select "More Tools", and then "Developer Tools". (And if you don't then see "Security", click on the " >>".)

10 of 105 comments (clear)

  1. Re:Which version? by BenJeremy · · Score: 5, Insightful

    v58 has the lock icon, but no details about the cert.

    What a stupid decision to remove details. I'm really more interested in the reason for this idiocy, but I'm guessing the person responsible is too much of a coward to face the criticism and be held accountable.

  2. Obscurity is... by lloy0076 · · Score: 3, Funny

    ...security? Isn't it?

  3. Re:Which version? by mysidia · · Score: 5, Interesting

    I don't know.... But this issue needs to get Security Vulnerability status, Because I am sure considering it as one.

    I was previously recommending Chrome above Internet Explorer for security reasons, but because of this issue I have to reverse that now......

  4. Leave a comment at the link by hudsucker · · Score: 4, Interesting

    The "Details" link was replaced by a "Learn more" link, which leads to a less than useful Chrome Help page. That page lets you submit a comment as to how helpful the page is. If the "Learn more" link is not helpful in viewing the security certificate, we should leave a comment to tell them that.

  5. That's a great idea, google... by QuietLagoon · · Score: 5, Insightful

    Make it more difficult to check the security cert when I'm browsing. What bright spark at google came up with this idea?

  6. Re:Google management is now often sloppy. by johannesg · · Score: 5, Insightful

    It's called "alphabet" in an open and blatant reference to "alphabet agencies". It's for the people who didn't realize Google is an extension of the CIA, NSA, etc.

  7. Re:Which version? by thegarbz · · Score: 4, Interesting

    I'm really more interested in the reason for this idiocy

    I'll take a guess. Google the absolute master of telemetry and information gathering probably noticed that it was one of the least used buttons on the screen and that yet another option just adds to the confusion for end users in that already massive menu. They probably also could correlate people who use developer tools with people who would actually check the details of a security certificate.

    I've done it once this year. Wanted to check if my own security cert updated correctly on my website. Developer tools is a great place for that information, and let's face it, no normal user ever checked the certificate. Hell back before the little green / red bars, back before they said secure, back when we were actively telling users to check the status by clicking up there no one did it.

  8. Re:Which version? by bmo · · Score: 4, Insightful

    A rock is the perfect design then.

    Since it has no features except the physical ones, it is as minimalistic as it can get.

    It does have uses, though.

    You can throw it at the minimalist developer/designer's head.

    --
    BMO

  9. Re:Which version? by 93+Escort+Wagon · · Score: 3, Insightful

    What a stupid decision to remove details. I'm really more interested in the reason for this idiocy, but I'm guessing the person responsible is too much of a coward to face the criticism and be held accountable.

    Having filed bug reports / feature requests agains Chrome a few times in the past, and having been involved in a few tedious back-and-forth exchanges with Chrome developers... I'm reasonably confident in saying any communication which might happen regarding this removal will boil down to: "We at Google know better than you".

    But it's not cowardice - it's arrogance.

    --
    #DeleteChrome
  10. That may be the reason that they hid it by Chrisq · · Score: 3, Interesting

    And if you go to the security section in chrome and check the slashdot cert you see "and an obsolete cipher (AES_256_CBC with HMAC-SHA1)" ! So slashdot should really update to a better than sha1 certificate to be really secure!

    That may be the reason that they hid it. Naive users might get worried about this sort of warning. Of course SHA1 is still good enough for sites like Slashdot, nobody is going to use the immense computational time required to break SHA1 so that they can mess up your karma.