Chrome may soon only show the root domain name by default - gHacks Tech News

ADVERTISEMENT

Chrome may soon only show the root domain name by default

Google plans to run an experiment in the Google Chrome web browser that hides all but the root domain name in the browser's address bar.

Google notes that URLs are the primary means to identify and authenticate a website; just a look at the root domain name should suffice but a recent study that Google ran suggests otherwise. While participants were able to identify legitimate URLs 93% of the time, only 40% were able to identify obfuscated URLs correctly. In other words: 60% of participants had troubles identifying legitimate from illegitimate addresses simply by looking at the URL.

Attackers may use a variety of different techniques to obfuscate URLs. Some of the options include using IP addresses, use a familiar name as a subdomain, use typos, or use uncommon or unfamiliar top level domains. Only 25.8% of all participants identified addresses with long subdomains correctly, according to Google's Research Paper.

Participants of the study had lots of issues identifying legitimate sites correctly. Many of the transformations are used in phishing attacks and other forms of attacks that are common on today's Internet.

Google plans to collect real-world usage to find out if the exclusive showing of the root domain name is beneficial in regards to identifying the legitimacy of Internet sites.

The company plans to display the limited URL display to part of Chrome's stable userbase to collect the data. The screenshots below show how Chrome will display the URL in the upcoming version of the browser for users who were selected for inclusion in the study.

chrome hide url show on hover

The full URL is shown if the user hovers the mouse over the address bar. The right-click context menu option to select "Always show full URLs" is also available in that version.

Chrome 86 includes several flags that users may enable or disable to join the experiment or to leave it. The following flags are important:

  1. chrome://flags/#omnibox-ui-reveal-steady-state-url-path-query-and-ref-on-hover -- Determines whether the full URL is displayed on hover.
  2. chrome://flags/#omnibox-ui-sometimes-elide-to-registrable-domain -- hides subdomains, path, query and ref from "steady state displayed URLs depending on heuristics" occassionally.
  3. chrome://flags/#omnibox-ui-hide-steady-state-url-path-query-and-ref-on-interaction -- starts to hide parts of the URL when the user starts to interact with the page, e.g. by scrolling.

Closing Words

Google will analyze the experiment's data and use it to make a decision. Whether that means that Chrome will only show the root domain by default in the future is not clear at this point, but the likelihood that it could happen is there.

Most advanced users may prefer to show the full address all the time, and most probably don't mind the hiding as long as there is an option to permanently display the full URL in the address bar.

Now You: What is your preference, and why?

Summary
Chrome may soon only show the root domain name by default
Article Name
Chrome may soon only show the root domain name by default
Description
Google plans to run an experiment in the Google Chrome web browser that hides all but the root domain name in the browser's address bar.
Author
Publisher
Ghacks Technology News
Logo
Advertisement

Previous Post: «
Next Post: »

Comments

  1. Anonymous said on August 13, 2020 at 2:32 pm
    Reply

    just like safari.

  2. Iron Heart said on August 13, 2020 at 2:33 pm
    Reply

    Largely a non-issue, Ungoogled Chromium will still be working as before. Other Chromium-based browsers like Vivaldi or Brave will also do something about that. That being said, this trend of shortening the URL is not appreaciated by me at all. However, cosmetic changes usually only hit Chrome directly.

    1. Klaas Vaak said on August 13, 2020 at 5:25 pm
      Reply

      @Iron Heart: do you know what the reason is that Google is forcing this through. They have been at it for quite a while now, taking small steps at the time but progressing nevertheless.

      What is in it for them? What do they gain by facilitating malicious obfuscating activity?

      1. Iron Heart said on August 13, 2020 at 6:09 pm
        Reply

        @Klaas Vaak

        Hiding AMP most likely, AMP is tracking-heavy. If you are worried:

        https://chrome.google.com/webstore/detail/redirect-amp-to-html/kifkmmpiicbcnkjaliilaoeaojlldonl

      2. Klaas Vaak said on August 13, 2020 at 6:35 pm
        Reply

        @Iron Heart: thanks. I had already installed that extension but forgotten why, and had not bothered to recheck.

    2. Amonymous said on August 14, 2020 at 5:07 pm
      Reply

      …can anyone explain why would Google do this? I honestly don’t understand why.

      1. Iron Heart said on August 15, 2020 at 1:24 am
        Reply

        @Anonymous

        As I stated above, they do this to hide accelerated mobile pages (AMP). Let’s say you to to WordPress, Google does want you not to use the plain HTML version of the page, but rather the version using their AMP framework, as that makes tracking life easier for them. In both cases the address bar would now display “WordPress”, leaving no hint that you are actually using AMP (which you could see in the full URL). The extension I linked to above prevents this by redirecting you from AMP to plain HTML. In case you want a detailed report on why AMP is problematic, I recommend these two articles:

        https://www.polemicdigital.com/google-amp-go-to-hell/

        https://stop.zona-m.net/2018/01/why-i-do-not-like-googles-accelerated-mobile-pages-amp/

  3. md said on August 13, 2020 at 2:37 pm
    Reply

    Anyone with an functioning brain can see that the end-goal for Google is removing URLs as a concept so that all Internet consumption is basically siphoned through google.com. Basically a fucking Yahoo index from the 90s.

    [Editor: removed, please no swearing]

    1. Iron Heart said on August 13, 2020 at 3:18 pm
      Reply

      @md

      Will be very hard to do without closed-sourcing Chromium (which they won’t, since they heavily rely on outside contributions and have no interest in someone like Microsoft forking it), they other Chromium-based browsers can’t be forced to adopt this and cosmetic issues are an easy fix.

      By the way, Mozilla is lending them their helping hand (seriously, it’s still on the gHacks front page): https://www.ghacks.net/2020/08/10/new-firefox-for-android-wont-show-full-urls-in-address-bar-just-like-chrome/

  4. TelV said on August 13, 2020 at 2:42 pm
    Reply

    Sounds like another good reason not to use Google Chromium.

    Getting rid of the protocol was bad enough, but this latest proposal will only serve to confuse users even more.

    1. Iron Heart said on August 13, 2020 at 3:14 pm
      Reply

      @TelV

      Chromium ≠ Chrome

      Just because Google force-feeds its Chrome users with that doesn’t mean that other Chromium derivatives have to. Chromium is open source.

      Notably, Ungoogled Chromium is guaranteed not to do this.

      PS: What else do you suggest using? Firefox shortens the URL as well; on desktop you can revert this by digging the related setting out in about:config, but on mobile, where about:config was removed recently, you are also stuck with that.

  5. mj said on August 13, 2020 at 3:03 pm
    Reply

    I think it’s fine, as long as you can get full url by ctrl+L shortcut, or clicking on the url bar.

  6. Ross Presser said on August 13, 2020 at 3:08 pm
    Reply

    “Trust us, we’re definitely showing you the page you want to see and not some other page. Honest!”

    Hide the protocol. Hide the full URL path and querystring. Hide the full hostname. Next will be hiding the domain and just putting the word “Ghacks” up there vaguely. It’s thoroughly insane.

    Chrome is turning into malware in the service of advertising.

  7. John said on August 13, 2020 at 3:11 pm
    Reply

    That’s “cool”. People already don’t know about URLs and the next step will be to hide it completely. They want to control everyone and they’ll help all scamers and spamers.

  8. UsedFirefoxFor12Years said on August 13, 2020 at 3:26 pm
    Reply

    Mozilla will probably follow 2 months later, as they love nothing more than copying Chrome.

  9. Derek Teague said on August 13, 2020 at 3:28 pm
    Reply

    I see I am in the minority here, but I also support users every day. I do think this will help people not fall for phishing attacks and showing when hovered over is a good compromise. The url is still editable, and the right click “always show” allows people that want to see more info all the time do so. I am also glad to see that when the box is clicked in it does show https:// that it doesn’t do right now.

    1. Herman Cost said on August 13, 2020 at 4:51 pm
      Reply

      I can’t imagine why anyone would want to use Chrome. Google does everything it can to make sure they can give you the illusion of having some privacy while making sure that they can still suck up your data for advertising purposes. This is just one example of many. Why would you allow that if you did not have to do so? I’m well aware of the issues associated with Chromium and the few remaining non-Chromium browsers. But lets be very clear; Chrome is the primary problem. I deleted it off my various devices a couple of years ago and have never missed it in any way.

      1. flubbers said on August 13, 2020 at 9:03 pm
        Reply

        @Herman Cost

        So you lack imagination and you pretend to be “clear” with nothing more than extreme claims.

        Hmm.

    2. Ryan F said on August 13, 2020 at 8:53 pm
      Reply

      @Derek

      As another technician tasked with supporting users who don’t know how to use computers, I agree with you 100%.

  10. phm said on August 13, 2020 at 3:36 pm
    Reply

    why not only bold/color root and domain

  11. Claymore said on August 13, 2020 at 3:40 pm
    Reply

    First: Spamdexing
    Second: Hide the full URL in the search results
    Third: Show only the root-URL
    Fourth: Malware/Scam
    Fifth: Google implements a proprietary protection for the self made problem
    Sixth: Chrome is the only browser left

    Yep. That’s the way of Google. Firefox (at least for now with about:config) and Vivaldi are the only browsers left, beating a bit the sh*t out of this dumb behavior. Don’t try to convince me with Brave: Nope, thanks.

    1. vanp said on August 14, 2020 at 4:25 am
      Reply

      What’s wrong with Brave?

      1. Iron Heart said on August 14, 2020 at 8:30 am
        Reply

        @vanp

        There is literally nothing wrong with it. The top two “criticism” hurled at Brave are the following two allegations:

        – That they have supposedly whitelisted Facebook and Twitter trackers from their internal ad- and tracker blocker. This is of course false, what they did was to whitelist some necessary cookies without which these websites would flat out refuse to work, i.e. you could not even log in. They did this because shipping a browser that can’t even make Facebook and Twitter work correctly would be suicidal, plus those in the community having a Facebook and Twitter account were up in arms about them not working, so the team relented. The whitelist is accessible in its settings, in case you don’t care about Twitter or Facebook. Last but not least, other browsers were never blocking the elements Brave had to whitelist in the first place.

        – They have provided suggestions in the address bar which contained a referal. While they did indeed do this, it only happened on a few partner websites that are clearly marked as such on the Brave website (partners were mostly related to the topic of cryptocurrency). Now, what was the purpose of the referal? The sole purpose of the referal was to differentiate Brave users from the myriad of Chrome users visiting those websites anyway, i.e. Brave’s partners in the field of cryptocurrecy had a vested interest in how many Brave users visited their websites, as the Brave browser is somewhat crypto-centric. Identification of individual Brave users based on the referal was impossible, as all Brave users accessing those few websites were using the same referal link, so it was never a privacy issue. Nevertheless, the incident led to the community being up in arms over literally nothing and journalists who clearly lacked understanding of the technical background spreading fake news (gHacks being a notable exception). The practice of using referals has since been ended(!) in the Brave browser, despite it being totally acceptable and still ongoing in other browsers (Vivaldi attaches a referal every single time you search for something within the browser, for example, in order to generate search revenue by letting their partners count how many Vivaldi users have used their search engine) and it never having been a privacy issue.

        Those are really the main two “criticisms”, both are nonsense and have been way overblown to deliberately damage the Brave project, which produces one of the most privacy-respecting browsers out there. Here is my own setup if you are interested:

        https://www.ghacks.net/2020/07/05/behave-for-chrome-and-firefox-warns-you-of-port-scans-and-local-attacks/#comment-4467393

      2. vanp said on August 18, 2020 at 4:55 am
        Reply

        Iron Heart, thanks for the info.

      3. Iron Heart said on August 18, 2020 at 8:23 am
        Reply
  12. Anonymous said on August 13, 2020 at 4:11 pm
    Reply

    The ideologues at google ruined their search engine, they may as well ruin their browser as well.

  13. kalmly said on August 13, 2020 at 4:17 pm
    Reply

    Change for the sake of change, and usually not beneficial to users. Is that so software vendors can say they are constantly updating their software?

  14. Sam said on August 13, 2020 at 4:18 pm
    Reply

    Hiding AMP anyone?

    1. Klaas Vaak said on August 13, 2020 at 6:38 pm
      Reply

      @Sam: I installed it a long time ago, and forgotten why until @Iron Heart ttold me about it above.

    2. Stella said on August 14, 2020 at 9:25 am
      Reply

      First thing that came into my mind!

  15. Allwynd said on August 13, 2020 at 8:23 pm
    Reply

    This changes very little for me, I’m not even sure it’s newsworthy.

    I’d be more curious to know about that “Unsafe Download Blocking” that’s said to come with Chrome 86, and from what I understand, Chrome will “decide” on its own which downloads are safe and which aren’t and it will cause me trouble when trying to download things.

    1. Anonymous said on August 13, 2020 at 8:57 pm
      Reply

      When the takeover is incremental and not “news worthy” the result is a boiled frog. I’d say it’s already pretty damn hot in here.

  16. Ryan F said on August 13, 2020 at 8:52 pm
    Reply

    I’m hesitant to jump on the conspiracy theory bandwagon. As long as the full URL is still accessible by some means, I see this as a good thing. I truly do not mean to sound like I’m belittling people, but people are terrible with computers. As part of my job, I deal with users who literally don’t know what I mean when I ask them to “open a web browser.” Any little thing that will help users like this to stay safe while using the internet is fine by me. There are far more egregious things Google is guilty of that I’m worried about.

    1. customer support said on August 13, 2020 at 9:09 pm
      Reply

      I had a customer try to sign into her email via the Google search bar.

      There’s a lot of idiots out there.

  17. Paul(us) said on August 13, 2020 at 10:28 pm
    Reply

    Simpel.
    Always the full address all the time.
    More info is always a good thing because than I can understand what I am doing.

  18. Anonymous said on August 13, 2020 at 11:20 pm
    Reply

    Useless change. What purpose does that serve? Save 000.1% pixel on my 8k monitor?

    1. Stella said on August 14, 2020 at 9:28 am
      Reply

      You still use 8k? pfff, 32k 960Hz monitors are the future.

  19. slimshady said on August 14, 2020 at 10:19 am
    Reply

    This is not the only thing the International Cabal have done to pull wool over peoples eyes and losing touch with reality, have you noticed how lot’s of web pages, such as YouTube, doesn’t publish exact date when someone leaves a comment under a video, it looks rather like…

    48 minutes ago
    16 hours ago
    2 days ago
    3 weeks ago
    6 months ago
    1 year ago (this one is tricky, the post can be up to near 2 years old, minus 1 day!)

    how can you save a copy of, say an article, and, let say at some time much later, share it with someone and not being able to acknowledge when the article actually was posted because the copy doesn’t have time/date stamp, it can for example be forever “3 days ago” old, even after 1000 years, this phenomenon was introduced several years ago and sort of happened over “one night” when suddenly lot of major web pages took this horrible route that keep us in a blind state, apparently a dark force doesn’t want as to be in sync with reality, it’s a massive psyop and this is only one tiny matter out of many others.

    1. Crazy Bob said on August 18, 2020 at 12:34 am
      Reply

      @slimshady

      I agree with you 100%. This is clearly a move by the International Cabal to control us.

      I have already gone down into my survival bunker and locked the door.

      1. douchebag said on August 19, 2020 at 3:49 am
        Reply

        @Crazy Bob

        “I have already gone down into my survival bunker and locked the door.”

        Well, while it’s a serious matter that’s a little bit too silly if you’re going to lock yourself in… but I guess if you are a “crazy bob” it may be necessary, I wont though.

  20. aztazt said on August 16, 2020 at 2:05 am
    Reply

    No no no no !
    We’se seen some phishing attacks that use legit domain names (like windows.net) to serve their malicious phishing forms. The full URL can tell the user that the website is not trustworthy, but the only root domain can’t.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.