Chrome may soon only show the root domain name by default
Google plans to run an experiment in the Google Chrome web browser that hides all but the root domain name in the browser's address bar.
Google notes that URLs are the primary means to identify and authenticate a website; a look at the root domain name should suffice, but a recent study that Google ran suggests otherwise. While participants were able to identify legitimate URLs 93% of the time, only 40% were able to identify obfuscated URLs correctly. In other words: 60% of participants had trouble telling legitimate and illegitimate addresses apart simply by looking at the URL.
Attackers may use a variety of techniques to obfuscate URLs. Options include using IP addresses, using a familiar name as a subdomain, using typos, or using uncommon or unfamiliar top-level domains. Only 25.8% of all participants identified addresses with long subdomains correctly, according to Google's research paper.
Participants of the study had lots of issues identifying legitimate sites correctly. Many of the transformations are used in phishing attacks and other forms of attacks that are common on today's Internet.
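As an added illustration (not code from Google or from the original article), the sketch below computes the registrable domain that a root-domain-only address bar would leave visible and flags three of the obfuscation patterns named above. It does not reproduce Chrome's heuristics; the suffix subset, the brand list, the long-subdomain threshold and the sample URLs are all constructed assumptions.

```javascript
// Constructed subset of the Public Suffix List (assumption); a real check
// must load the full list published at publicsuffix.org.
const SAMPLE_SUFFIXES = new Set(["com", "net", "org", "uk", "co.uk"]);
// Hypothetical names a deployment wants to protect (assumption).
const KNOWN_BRANDS = ["example"];
// Assumed threshold: this many subdomain labels counts as "long".
const LONG_SUBDOMAIN_LABELS = 3;

// IPv4 dotted quad, or a bracketed IPv6 literal as URL.hostname returns it.
const isIpLiteral = (host) =>
  /^\d{1,3}(\.\d{1,3}){3}$/.test(host) || host.startsWith("[");

// Registrable domain = longest matching public suffix plus one label to its left.
function registrableDomain(host) {
  if (isIpLiteral(host)) return host;
  const labels = host.split(".");
  for (let i = 0; i < labels.length; i++) {
    if (SAMPLE_SUFFIXES.has(labels.slice(i).join("."))) {
      return i === 0 ? host : labels.slice(i - 1).join(".");
    }
  }
  return labels.slice(-2).join("."); // unknown suffix: fall back to two labels
}

// Returns what the elided display would show, plus any obfuscation flags.
function analyzeUrl(rawUrl) {
  const host = new URL(rawUrl).hostname.toLowerCase();
  const shown = registrableDomain(host);
  const flags = [];
  if (isIpLiteral(host)) {
    flags.push("ip-address-host");
    return { shown, flags };
  }
  // Everything left of the registrable domain is attacker-controllable text.
  const sub = host.length > shown.length
    ? host.slice(0, host.length - shown.length - 1) : "";
  const subLabels = sub ? sub.split(".") : [];
  if (subLabels.some((l) => KNOWN_BRANDS.includes(l))) flags.push("brand-in-subdomain");
  if (subLabels.length >= LONG_SUBDOMAIN_LABELS) flags.push("long-subdomain");
  return { shown, flags };
}

// Constructed sample URLs using reserved documentation names and addresses.
for (const u of ["https://accounts.example.com/signin",
                 "https://example.com.secure.login.account-check.test/a",
                 "http://192.0.2.10/login"]) {
  console.log(u, JSON.stringify(analyzeUrl(u)));
}
```

In the second sample the familiar name sits entirely in the subdomain, so the registrable domain is the only part of the host that says who actually serves the page.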
Google plans to collect real-world usage data to find out whether showing only the root domain name helps users judge the legitimacy of Internet sites.
The company plans to roll out the limited URL display to part of Chrome's stable userbase to collect the data. The screenshots below show how Chrome will display the URL in the upcoming version of the browser for users who were selected for inclusion in the study.
The full URL is shown if the user hovers the mouse over the address bar. The right-click context menu option to select "Always show full URLs" is also available in that version.
Chrome 86 includes several flags that users may enable or disable to join the experiment or to leave it. The following flags are important:
- chrome://flags/#omnibox-ui-reveal-steady-state-url-path-query-and-ref-on-hover -- Determines whether the full URL is displayed on hover.
- chrome://flags/#omnibox-ui-sometimes-elide-to-registrable-domain -- Occasionally hides subdomains, path, query and ref from "steady state displayed URLs depending on heuristics".
- chrome://flags/#omnibox-ui-hide-steady-state-url-path-query-and-ref-on-interaction -- Starts to hide parts of the URL when the user starts to interact with the page, e.g. by scrolling.
Google will analyze the experiment's data and use it to make a decision. Whether that means that Chrome will only show the root domain by default in the future is not clear at this point, but the likelihood that it could happen is there.
Most advanced users may prefer to show the full address all the time, and most probably don't mind the hiding as long as there is an option to permanently display the full URL in the address bar.
Now You: What is your preference, and why?