According to the blog of Mozilla Software Engineer Jared Wein, M.Sc, the Firefox team has just killed off the age-old favicon in yesterday’s nightly build. Wein states that the changes are set to arrive in the release channel in mid-July, and are intended to increase security for users, while reducing overall visual weight.
The problem, apparently, arrises when sites decide to use tricky favicons such as padlocks to give off a false sense of security. According to the blog post, “this behavior can trick users in to thinking that a site is using a secure connection when on an unsecured connection.” Because of these offenders, starting with yesterdays’s nightly, Firefox will no longer include the favicon in the address bar.
More details on what’s changing:
Websites that use SSL certificates with Extended Validation will now have a green padlock next to the certificate owner’s organization name.
Websites that use SSL certificates without Extended Validation will now have a grey padlock. The effective hostname will no longer appear next to the padlock. This information is redundant with our darkening of the effective hostname in the website address.
Websites that do not use SSL certificates or have mixed-content will fallback to a globe icon.
The follows the Chrome team’s decision to rid the URL bar of any favicons. The question we now have is, will Firefox now include the favicon up in the site tabs as Chrome does? If not, this may be the end for our favorite, low res icons.
Since this is just in the nightly build, there is a chance the move will be reversed later on. In all honestly though, it looks like the decision wasn’t made lightly.
Soon all Firefox users may have to kiss the favicon goodbye, as the Mozilla switches over to monotonous globes and padlock icons, as you can see in the images above. I completely understand making the move for security’s sake, but it also feels like they’re taking it too far. What authority does Firefox have to completely eradicate the favicon without consulting the public? Technically, they have the right to do what every the heck they want, but is this move the only way to go about hiding fraudulent SSL-esque favicons? What does this say about the future of the favicon and all other icons that sites use to identify themselves, like Apple’s touch icons?
Update: We received word that Firefox has no plans to remove favicons from tabs.
— Jared (@weinjared) April 24, 2012