Google Temporarily Brings Back the www In Chrome URLs -- But Should They?

An anonymous reader quotes Digital Trends: With the launch of Chrome 69, Google stunned users last week with a surprising decision to no longer display the "www" and "m" part of the URL in the Chrome search bar, but user backlash forced Google to soften its stance. Google's course reversal, although welcomed by users, is only short term, and the search giant said it will change course once again with the release of the Chrome 70 browser....

Critics have argued that by not displaying the special-case subdomains, it was harder for users to identify sites as legitimate, and the move could lead to more scams on the internet. Others go as far as questioning Google's motives for not displaying the "www" and "m" portion of a web address, and these users speculated that the move may be to disguise Google's AMP -- or Accelerated Mobile Pages -- subdomain to make it indistinguishable for the actual domain....

With the launch of Chrome 70, Google plans on hiding the 'www' portion of a web address inside the search bar, but it will continue to display the 'm' subdomain. "We are not going to elide 'm' in M70 because we found large sites that have a user-controlled 'm' subdomain," Google Chromium product manager Emily Schecter said. "There is more community consensus that sites should not allow the 'www' subdomain to be user controlled."
ZDNet notes that while Chrome's billion-plus users were surprised, "Apple's Safari likewise hides the www and m but it hasn't caused as much concern, likely because of Google's outsized influence over the web and Chrome's dominance of the browser market."

TechRepublic quotes a community feedback post that had argued that "Lying about the hostname to novices and power users alike in the name of simplifying the UI seems imprudent from a security perspective."

don't mess with URLs

[Anonymous Coward]

URLs should be displayed as they are, not interpreted, not dumbed down for dumb users, not altered in any way.

Anything else poses security risks to people who know what they're doing, and further enables absolute idiots who have no business being anywhere near a computer and are too stupid to figure out even the basics of how anything works. We all have enough trouble with those.

Speaking of idiots, in about 5 posts expect to see some moron trying to say this is all Donald Trump's fault since every other discussion around here seems to devolve into that.

Re:don't mess with URLs

[Script Cat]

This, and It should display the resolved IP address too. There's no reason not to show it, except to keep people stupid.

Re:

[cheekyboy]

Secret Service has found your IP and will 'cut' your cars break line when its rainy.

Re: don't mess with URLs

[Anonymous Coward]

How is it supposed to handle round Robin records?

Re: don't mess with URLs

[K. S. Kyosuke]

The same way it handles square Robin records?

Re:

[Anonymous Coward]

An IP address does not identify a website. A DNS and cert does. IP address are meant to be assumed arbitrary when it comes to security, except root DNS and other such critical services.

Re:

[rossz]

The people who know what to do with an IP address already know how to look up the ip address. And we are a significant minority. There is no need to clutter the display with information that is absolutely useless to the overwhelming majority of users.

Re:

[Anonymous Coward]

Speaking of idiots, in about 5 posts expect to see some moron trying to say this is all Donald Trump's fault since every other discussion around here seems to devolve into that.

Well, those comments ARE Trump's fault. :-P

Re:

[frank_adrian314159]

Well, it's not his fault, but he is an idiot and you brought up both him and his idiocy. You don't want discussion of the idiot in chief, don't bring him up yourself.

Comment removed

[account_deleted]

Comment removed based on user account deletion

in re Safari

[fyngyrz]

ZDNet notes that while Chrome's billion-plus users were surprised, "Apple's Safari likewise hides the www and m but it hasn't caused as much concern, likely because of Google's outsized influence over the web and Chrome's dominance of the browser market."

Actually it is pretty annoying. Safari has an option in the application preferences advanced tab [fyngyrz.com] to turn this malfeature off.

However, although it shows the URL from the domain name forward, including the www. portion if present, it does not show the http:// portion.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:

[Bite The Pillow]

In what way is this a security problem? You see the base domain, what difference is www or m?

Re:don't mess with URLs

[William Baric]

Although it's common for www.mysite.com to be a CNAME for mysite.com, this is not always the case. This means Chrome might display the same URL for two different web pages.

Re:don't mess with URLs

[JMJimmy]

To me this is the issue - simple usability.

If you accidentally land on an m.site.com url from a search result the way to figure out if you should look for the non-mobile version is to look at the subdomain.

Re:

[jrumney]

It was even worse when they hid "m.", as these are often reduced functionality versions of websites, and it is sometimes important to be able to see that you've ended up there by mistake. I notice twitter has already switched from m.twitter.com to mobile.twitter.com to counter this.

Re:don't mess with URLs

[KiloByte]

On many sites there's useful www.foo and useless www.m.foo; seeing the m lets you know that a link you followed led you to the broken version, so you can immediately rectify that. Not so if that part of the URL is hidden.

Re:

[Anonymous Coward]

See here [chromium.org] and here [chromium.org]

A few examples from the issues above:

* "subdomain.www.domain.com" displays as "subdomain.domain.com".
* "http://www.example.www.example.com" turns to "example.example.com"
* "www.m.www.m.example.com" becomes "example.com".

Obviously this is all screwed up, and a web site at "example.com" and "www.example.com" and "m.example.com" can be completely different.

Re:

[duke_cheetah2003]

URLs should be displayed as they are, not interpreted, not dumbed down for dumb users, not altered in any way.

Did they fix it to show the full URL, including http:/// [http] or https:/// [https] ? Because the Chrome I have strips the http/https:// uri. I disabled the url mangling thing in settings.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[MoarSauce123]

Agree...full URL and especially protocol have to be displayed. Removing this is not only unnecessary, but can also lead to incorrect assumptions (after all, a site with www can be different than one without). Dropping the protocol is weakening security.

Re:

[MikeDataLink]

because Google's engineers are idiots.

Riiiiigght. Let's call the creators of the most successful search engine algorithm on the planet idiots. Misdirected by management? OK. Idiots? Hardly.

Re:

[sjames]

Why do you presume the same people are working on both projects?

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[thegarbz]

What's a menu bar? Is it this thing described on wikipedia: https://en.wikipedia.org/wiki/... [wikipedia.org]

I don't think I've seen one in any of the programs I use. What's so awesome about it that made the entire world dump it?

But on a more serious note, Edge... Menu Bar... You're trolling off the deep end.

Yes. End of story.

[Anonymous Coward]

The URL bar should display the URL.
The URL contains a domain. It should display that domain. There is no reason to lie about the location. It is important if I am at sub.domain.tld or domain.tld. Those are different locations, served, in theory, by different machines.

If something as simple as a "www" overwhelms you, please tell your legal guardian that you have an exacerbation, and maybe a computer has become too much for you entirely. You certainly won't be tying your own shoes anymore at that level of mental disability.

Re:

[bickerdyke]

That is not related.

Remember the ISO/OSI Layer model.

Each layer has to know how to operate the layer below to communicate with an remote entity on the same layer. But not with any deeper layer. (That's the whole point of it!)

So Layer 8 (the user) needs to know how to use the http-Layer, but nothing about the transport, switching or physical layer. Yes, convenience is a thing, but you shouldn't make it harder than necessary for people who want to know what urls are by hiding or disfiguring them.

Even if makin

No.

[Anonymous Coward]

Google should PERMANENTLY stop fiddling with this bullshit. The thing in the address bar is not a aol or compuserve keyword. It's an URL, that's a protocol, a hostname, and then whatever random trash you need to feed the webmonkeys' infernal machine to give it what you want -- which might be a file name, lots of parameters, or whatever else. Trying to hide some part of it because it confuses the lusers will not un-confuse the lusers, they are permanently confused anyway. It will now also confuse the slightly-more-savvy, and annoy the experts.

I say we really ought've come up with a better interface than google, mozilla, or redmond, or really most everyone else "big", have managed so far. Something that Just Does Not Care about what lusers "think", but is straight-up clear and honest about the technical side of things. The absence of such a thing just goes to show that nobody knowledgeable is actually active in this space. Webmonkeying breeds webmonkeys. Whodathot.

Re:

[Anonymous Coward]

Oracle lost MySQL, open office, and other blather, because they not only couldn't read the marketplace -- they were overbearing and heavy handed.

Google Chrome can only implement so many mistakes before market share moves away, and someone can always fork it. This kind of change -- a missing www, doesn't seem to me, to be enough to cause a mass loss of users. But it shows a heavy-handedness, an excessive zeal to manipulate using market share, and bad decision making all in one.

Which means? More of this ma

Re:No.

[HumanEmulator]

They're not going to stop fiddling, because the long-term goal is to eliminate URLs from the interface. They want you to do Google searches for websites instead of entering some "confusing" direct address. Hiding more parts of the URL is another gradual step towards making the address bar into a pure Google search bar. Average-Joe user will see no harm in this and probably even think it's a good idea.

stuff that works

[pD-brane]

Why change things all the time (and waste the users' time) when things don't get better? I.e., why not leave the URL alone?

simplifying the UI

How is removing information like www. a simplification of the user interface?

Re:

[bobstreo]

I guess google looked at URLs and decided that not displaying http:/// [http] or https:/// [https] was too hard. /s

If they're eliminating the www, does this mean they will also get rid of the ftp for ftp servers?

Re:

[bn-7bc]

I’m going to assume that you are not trolling. FTP is a protocol for file transfers (unencrypted if you are not doing frp over tls) it has fallen out of fever lately due to restrictive firewalls usualy blocking it so it is often more convenient (at least for downloads) to just having them on a web server.

Re:stuff that works

[thegarbz]

How is removing information like www. a simplification of the user interface?

In the same way as only offering one flavour of sandwich at the canteen simplifies buying lunch.

You will eat / watch what we want you to.

Re:

[jareth-0205]

Why change things all the time (and waste the users' time) when things don't get better? I.e., why not leave the URL alone?

simplifying the UI

How is removing information like www. a simplification of the user interface?

Same reason we don't show the port number - it's usually pointless information that is irrelevant. And no I'm not saying it's always useless, and that there's no case where this won't be annoying or harmful, but obviously it does simplify the address. Those people posting on this story with unwavering views that this is a non-changable thing, are forgetting that we already remove information from the URL.

Re:

[JesseMcDonald]

Same reason we don't show the port number - it's usually pointless information that is irrelevant.

The port number is only hidden when it's equal to the standard port number. If you see an HTTP or HTTPS URL without an explicit port number you still know exactly what the port is. The same is not true for domain names: with this UI change, "example.com" in the address bar could represent either "example.com" or "www.example.com", which do not necessarily refer to the same content, or even the same server.

I don't see this as "simplifying" the UI. A better term would be "simplistic". UIs should be "as simple

Re:

[Billly Gates]

This was the downfall of Gnome, KDE, and Firefox. Damn, Chrome is so powerful now and CSS and HTML are so much more advanced than the past that I don't think another browser can pop up to replace it sadly.

Re:

[Anonymous Coward]

Actually, some people do actually use Safari on the desktop, despite your claim. Personally there are aspects of the Chrome UI that I dislike and it was for sometime, a bit of a resource hog.

And the article is incorrect about safari dropping www. That happens often at the website level where the website itself redirects from www.domain to domain. That is not a function of the browser, the browser it following the re-direct and showing the correct data. www.cnn.com for example stays www.cnn.com. if I use the

The headline is exactly incorrect

[Junta]

"With the launch of Chrome 70, Google plans on hiding the ‘www’ portion of a web address inside the search bar"

They are putting the 'm.' back in, not www. They are basing this on a rough idea of not knowing of a 'www.' that differs from the top level of a 'large' site, rather than some hard and fast rule.

The simple fact of the matter is it is a dumb idea. It doesn't make urls any friendlier (who in the world honestly believes that www. and m. are the thing that can make urls hard?), but it does potentially cause confusion.

As to calls of 'but Apple can...', the difference is that browser has less than 4% of the share of the desktop market, and those people are the unbelievably loyal to Apple. On the mobile browser, the url situation is already pretty useless given the limited screen real estate.

Re:

[Junta]

Didn't realize that in chrome 69 they changed and 70 is next, not the reversal... in any event.. ugh..

Safari Doesn't Hide It

[Actually, I do RTFA]

Safari has a "web site" view that shows the domain (and only the domain, with a lock/none for http/https). This view doesn't show the www or m sudomains (but does show others). It also doesn't show the rest of the URL. As soon as you ask Safari (by clicking), it goes back to a complete URL.

Contrast this with Chrome, where I cannot even get it to display the protocol in any way. One's a simplification with the ability for more info. The other is Google being a dick.

Re:The headline is exactly incorrect

[93 Escort Wagon]

It doesn't make urls any friendlier (who in the world honestly believes that www. and m. are the thing that can make urls hard?), but it does potentially cause confusion.

I don't think this is really about “www” or “m”. It’s probably the first in a series of longer-term changes Google intends to make which benefits them more directly - perhaps by obscuring the fact that people are viewing pages through some custom Google domain, like AMP.

I suspect Google’s longer-term play is to somehow get people viewing the web but never actually leaving google.com - more or less adopting one of Facebook’s operational principles. But it starts with a relatively innocuous move like this one.

Re:

[Anonymous Coward]

I don't think this is really about “www” or “m”. It’s probably the first in a series of longer-term changes Google intends to make which benefits them more directly - perhaps by obscuring the fact that people are viewing pages through some custom Google domain, like AMP.

I suspect Google’s longer-term play is to somehow get people viewing the web but never actually leaving google.com - more or less adopting one of Facebook’s operational principles. But it starts with a relatively innocuous move like this one.

So making the Google Chrome web browser into the America OnLine (AOL) application in which everything you do is determined by Alphabet Inc. Their version of the World Wide Web can be called Alphabet OnLine (AOL) too.

Re:

[bickerdyke]

shouldn't they hide the END of urls then?

If you want to hide that www.slashdot.amp.google.com is served using AMP on Google servers instead of www.slashdot.com, dies hiding the www really help?

Don't chucklefuck the url

[xack]

Doing so makes Chrome the Phisherman's friend. Pale Moon seems to be the only modern browser that has the courage to show the full url by default.

Re:

[swillden]

Doing so makes Chrome the Phisherman's friend. Pale Moon seems to be the only modern browser that has the courage to show the full url by default.

The Chrome team believes that URLs are the Phisherman's friend. IMO, we made a mistake when we allowed general Unicode URLs. We should instead have defined for each language the precise set of characters allowed, and required every URL to use characters from a single language.

Re:

[q4Fry]

The Chrome team believes that URLs are the Phisherman's friend. IMO, we made a mistake when we allowed general Unicode URLs. We should instead have defined for each language the precise set of characters allowed, and required every URL to use characters from a single language.

Fine. So check for that instead and mark domains with non-locale or lookalike characters.

Re:

[swillden]

The Chrome team believes that URLs are the Phisherman's friend. IMO, we made a mistake when we allowed general Unicode URLs. We should instead have defined for each language the precise set of characters allowed, and required every URL to use characters from a single language.

Fine. So check for that instead and mark domains with non-locale or lookalike characters.

Would only work if it the characters allowed were defined in a standard, and we added some mechanism for domain owners to specify what locale is allowed for URLs in their domain. As it is, there's no way to distinguish the legitimate from illegitimate URLs. You could pick some rules that would be right 99.9% of the time, but would incorrectly penalize legitimate URLs

The mistake is made, URLs are what they are and they're not a trustworthy indicator, not even to people who know what they're doing much le

Re:

[q4Fry]

I don't care about what the site owners say; they could be evil. Wasn't that your point?

The browser knows my locale. If I'm in en-GB, let me know if I hit a domain with maths characters (or Turkic, etc.). Yes, it will penalize websites outside of my locale, but maybe I want to be cautious there anyway. Sure, it's terrible, but it's still better than secretly hiding subdomain segments. Oh, the exciting things I could do with "mail.google.www.com."

When .CORN is a TLD, we can have this fight again (yourbank.co

Re: Don't chucklefuck the url

[Cmdln Daco]

Whenever I install NetBSD one of the first things I do is build SeaMonkey from source. This builds a good foundation of dependencies for a modern desktop. Usually, I then build fvwm2, so I have a modern window manager, too. The tab window manager (twm) is a built in part of the X11 system, but it's kind of primative.

Who do you trust?

[reanjr]

Who trusts www.domain.tld, but doesn't trust m.domain.tld? Is this really that big a deal for security?

Re:Who do you trust?

[Zuriel]

Hiding the subdomain opens the potential to make a user named "www.www" and be given the user-specific subdomain www.www.somesite.com, which then displays as www.somesite.com which will seem legitimate, and other dumb things.

www was never designed to have special privileges, so there's no protections in place to handle the basic stupid things that can happen when a browser decides to give it special treatment. Same goes for the "m" subdomain - sites have cheerfully been letting users create accounts with the username "m" and allocating them the m.site.com subdomain, because "m" doesn't mean anything special unless you decide to use it for something.

Re:Who do you trust?

[lordlod]

Actually in the initial implementation they dropped www regardless of the location in the url.

So www.www.somesite.com became somesite.com

And google.www.com became google.com

Re:Who do you trust?

[fibonacci8]

A missed opportunity for a ".m" tld or ".www" tld

Re:

[Actually, I do RTFA]

It's not that I trust www.domain.tld but not m.domain.tld. It's that sometimes I want to be on the www site, and sometimes I want to be on the m site.

Not everything has to be about security.

That said, smarter people than me will probably come up with reasons.

What I want is

[oldgraybeard]

a browser that works for interacting with the internet. I don't need a play toy that has a new version every week with features I need to try to turn off/ignore/find workarounds for. To the real world a browser is just a tool. Not an epic thing in itself. I don't use chrome much because I dislike their useless feature driven junk and it's huge foot print, slow performance, lousy UI, etc (starting 10 tasks). I also wonder what a browser made by a marketing company that makes money by selling out their users (data and privacy) is doing in the background.
Do the task, Do it well, Fix broken things otherwise leave it alone! Most everything that is being added now is excess junk.
The concept that developers should always be adding new features is a mistaken course. Constantly redesigning the UI is a waste. Make it work and work well then only add really important things when the need comes up. And resist adding junk and calling them features.
And dumbing down and hiding things from the users is a mistake! Granted some don't have a good grasp on reality but such is life.
Just my 2 cents ;)

Re:

[account_deleted]

Comment removed based on user account deletion

the 'm' subdomain? Never heard of it.

[lpq]

Huh?

What do they mean 'www' shouldn't be controlled by "users"...it's not for google to decide. Companies purchase domain names and different sub domains are for different things. Example -- if you don't go to www.vim.org, you won't get there. It's not the same as 'vim.org'. If you try to goto vim.org
it says the host isn't found -- because no valid host is at vim.org -- only www.vim.org.

How stupid is google to think they are the same?

Re:

[oldgraybeard]

Granted but 98+% of internet users will never be going to www.vim.org. Chrome is not considering individuals that use the internet for real work type things. Chrome is built for the end user consumer market. Where it is all about content consumption and online consumer sales.
People are surprised when I tell them I don't use Facebook, Twitter, etc, etc I respond with I create tech and only use the internet as a resource and not much for recreation.
For recreation I go out to the garage or down to my work sho

Re:the 'm' subdomain? Never heard of it.

[ancientt]

Not that you're generally wrong, but I would like to contest a minor point.

Chrome is built for the end user consumer market.

I think the better description would be to say Chrome is marketed to consumers. It's a subtle difference, but I think it leaves the clarity to say specifically that Chrome is built to further Google's goals. One of Google's main goals is to get consumers to use their system.

We've all seen people go to google.com to search for facebook rather than going to facebook.com directly. That's a win for Google. Google would really win if people forgot URLs exist. Then the only way to get to any website would be by having Google search for it, at least for most people. How could that happen? In small steps where first the http or https is hidden since most people don't know or care why it exists. Then after people get used to that, the next step is to hide other parts of the URL that people don't care to understand. Subdomains mean nothing to most people, TLDs are next. Really, what's the difference for most people? That's where Chrome is headed and what it is built for.

The real tragedy is that most people will be happier with it.

Re:

[Actually, I do RTFA]

The 'm' subdomain is where a lot of sites host their mobile version. In fact, I think most mobile browsers will try the m subdomain if you don't specify one, before failing over to the www one.

Chromium (not Chrome) version 69 doesn't do this

[Rosco P. Coltrane]

Just sayin'...

were they typed?

[Hugh Jorgen]

Yes? Fucking leave the user input alone.

this is going to make tech support harder

[Idimmu Xul]

go to www.brand.com and do the thing

im at brand.com and its not working

no you have to be at www.brand.com

ive typed that in but im at brand.com

no, you need the www at the front, brand.com is a different site to www.brand.com

Hiding information is bad

[sjames]

Remember when Microsoft decided it's users were just too bone headed to understand complicated extensions like .txt and .exe, so they hid them? And how they then wondered why people were happily clicking on invoice.doc.exe and costing the economy billions of dollars?

Google is the new Microsoft and they think everyone that isn't Google is stupid.

Re:Hiding information is bad

[nuckfuts]

Remember when? They STILL DO.

What in the f....

[thegarbz]

There is more community consensus that sites should not allow the 'www' subdomain to be user controlled.

Can we gather up this so called community where consensus exists that users should not allow the user / client to control which domain they access and fire these idiots into the centre of the sun.

Seriously technical people here, is there any legitimate reason that the www subdomain shouldn't be "user controlled"? I am all for letting web administrators control their side via re-directs or DNS entries, by why in the ever loving god should control of www be taken out of the user's hands anymore than it alread

of course display www.

[ReneR]

That is the website service providing individual to decide, if they do not want to use www. or m. then that is their choice, if not then not. Otherwise it can even lead to confusion copying or typing URLs.

WTF there's even more stupidity than just "www"

[thegarbz]

There is another bit of user interface stupidity to this story. From TFA:
Before reversing the changes it made, users were able to reveal the full web address — including the www or m subdomains — by double-clicking on the address bar in Chrome 69.

Then from the original ZDnet article:
and if you copy the simplified address and paste it elsewhere it will display the full address.

So in the name of "simplification" Google now has introduced a text bar whose text changes depending on HOW you click on it, and whose text is not representative of the actual text which would be copied to the clipboard.

This has got to be a WTF as big as the WTF about hiding the www in the first place. How could you screw up something as simple as a text entry field.

This is a DNS administrator's business

[nuckfuts]

To the person at Google who stated that www is now considered a 'trivial' subdomain" [chromium.org]:

In my experience, "www" is not typically a subdomain. It is a host name. For example, in your DNS you might have an A record that resolves "www" to the IP address of your web server, just as you might have an A record that resolves "ftp" to your FTP server, or whatever.

The interesting thing about DNS, however, is that you can create an A record for a subdomain. This means you can make the "www" part of a URL optional by having "www.mydomain.com" and "mydomain.com" resolve to the same IP address (or group of addresses).

So, Google, kindly do not fuck with my DNS naming preferences. When I pay to register a domain, that includes the right to determine what I do (and don't do) with the DNS for my domain. If I want to show "www" in my URLs, that's my bloody business, not yours.

Re:

[nuckfuts]

What happens if you use test1.www.domain.org test2.www.domain.org ?

In that example, test1 and test 2 are (presumably) host names, and www,domain.org is a subdomain.

Betteridge's Law of Headlines

[AdaStarks]

N- wait... *re-reads the title* Y... Yes?

Re:

[SeaFox]

No. They should not temporarily bring back the "www". They should permanently bring back the full address display.

Why? What are they hiding?

[Anonymous Coward]

The www part of the url is to the best of my knowledge an address record to a host or possibly a group of hosts, as in a cdn.
The public facing part of "yourdomain.com" if you will.
Even if you do connect to a mobile site that is usually denoted by an m in front of what you are visiting.
www.m.wikipedia.org and so on.

This might end up being at the root of a ton of dns poisoning attacks in the coming months.

When Microsoft hid file extensions by default an image.jpg and an image.jpg.exe would be indistinguishabl

Chrome uses website password to sign itself in!

[KreAture]

They did something else now too.
If you are NOT signed into chrome, and try to sign into the website youtube, chrome uses your information and password that you tried to give to accounts.google.com and signs itself into google so you are now signed into chrome!
Signing out of chrome again also signs you out of youtube...

"most users"

[dkman]

Because "most users" don't know the difference is not, by itself, a good reason to hide information. They will never learn if you hide the information.

Educated consumers are better for the economy, so don't go out of your way to make things dumber.