Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Chrome Google The Internet

Google Temporarily Brings Back the www In Chrome URLs -- But Should They? (digitaltrends.com) 144

An anonymous reader quotes Digital Trends: With the launch of Chrome 69, Google stunned users last week with a surprising decision to no longer display the "www" and "m" part of the URL in the Chrome search bar, but user backlash forced Google to soften its stance. Google's course reversal, although welcomed by users, is only short term, and the search giant said it will change course once again with the release of the Chrome 70 browser....

Critics have argued that by not displaying the special-case subdomains, it was harder for users to identify sites as legitimate, and the move could lead to more scams on the internet. Others go as far as questioning Google's motives for not displaying the "www" and "m" portion of a web address, and these users speculated that the move may be to disguise Google's AMP -- or Accelerated Mobile Pages -- subdomain to make it indistinguishable for the actual domain....

With the launch of Chrome 70, Google plans on hiding the 'www' portion of a web address inside the search bar, but it will continue to display the 'm' subdomain. "We are not going to elide 'm' in M70 because we found large sites that have a user-controlled 'm' subdomain," Google Chromium product manager Emily Schecter said. "There is more community consensus that sites should not allow the 'www' subdomain to be user controlled."

ZDNet notes that while Chrome's billion-plus users were surprised, "Apple's Safari likewise hides the www and m but it hasn't caused as much concern, likely because of Google's outsized influence over the web and Chrome's dominance of the browser market."

TechRepublic quotes a community feedback post that had argued that "Lying about the hostname to novices and power users alike in the name of simplifying the UI seems imprudent from a security perspective."
This discussion has been archived. No new comments can be posted.

Google Temporarily Brings Back the www In Chrome URLs -- But Should They?

Comments Filter:
  • by Anonymous Coward on Saturday September 15, 2018 @09:45AM (#57319046)

    URLs should be displayed as they are, not interpreted, not dumbed down for dumb users, not altered in any way.

    Anything else poses security risks to people who know what they're doing, and further enables absolute idiots who have no business being anywhere near a computer and are too stupid to figure out even the basics of how anything works. We all have enough trouble with those.

    Speaking of idiots, in about 5 posts expect to see some moron trying to say this is all Donald Trump's fault since every other discussion around here seems to devolve into that.

    • by Script Cat ( 832717 ) on Saturday September 15, 2018 @09:50AM (#57319060)

      This, and It should display the resolved IP address too. There's no reason not to show it, except to keep people stupid.

      • by Anonymous Coward

        How is it supposed to handle round Robin records?

      • Re: (Score:2, Informative)

        by Anonymous Coward
        An IP address does not identify a website. A DNS and cert does. IP address are meant to be assumed arbitrary when it comes to security, except root DNS and other such critical services.
      • by rossz ( 67331 )

        The people who know what to do with an IP address already know how to look up the ip address. And we are a significant minority. There is no need to clutter the display with information that is absolutely useless to the overwhelming majority of users.

    • Re: (Score:2, Funny)

      by Anonymous Coward

      Speaking of idiots, in about 5 posts expect to see some moron trying to say this is all Donald Trump's fault since every other discussion around here seems to devolve into that.

      Well, those comments ARE Trump's fault. :-P

    • Re: (Score:2, Insightful)

      Well, it's not his fault, but he is an idiot and you brought up both him and his idiocy. You don't want discussion of the idiot in chief, don't bring him up yourself.

    • Comment removed (Score:5, Insightful)

      by account_deleted ( 4530225 ) on Saturday September 15, 2018 @10:32AM (#57319212)
      Comment removed based on user account deletion
    • In what way is this a security problem? You see the base domain, what difference is www or m?

      • by William Baric ( 256345 ) on Saturday September 15, 2018 @12:04PM (#57319576)

        Although it's common for www.mysite.com to be a CNAME for mysite.com, this is not always the case. This means Chrome might display the same URL for two different web pages.

        • by JMJimmy ( 2036122 ) on Saturday September 15, 2018 @12:12PM (#57319598)

          To me this is the issue - simple usability.

          If you accidentally land on an m.site.com url from a search result the way to figure out if you should look for the non-mobile version is to look at the subdomain.

        • by jrumney ( 197329 )
          It was even worse when they hid "m.", as these are often reduced functionality versions of websites, and it is sometimes important to be able to see that you've ended up there by mistake. I notice twitter has already switched from m.twitter.com to mobile.twitter.com to counter this.
      • by KiloByte ( 825081 ) on Saturday September 15, 2018 @12:08PM (#57319594)

        On many sites there's useful www.foo and useless www.m.foo; seeing the m lets you know that a link you followed led you to the broken version, so you can immediately rectify that. Not so if that part of the URL is hidden.

      • by Anonymous Coward

        See here [chromium.org] and here [chromium.org]

        A few examples from the issues above:

        * "subdomain.www.domain.com" displays as "subdomain.domain.com".
        * "http://www.example.www.example.com" turns to "example.example.com"
        * "www.m.www.m.example.com" becomes "example.com".

        Obviously this is all screwed up, and a web site at "example.com" and "www.example.com" and "m.example.com" can be completely different.

    • URLs should be displayed as they are, not interpreted, not dumbed down for dumb users, not altered in any way.

      Did they fix it to show the full URL, including http:/// [http] or https:/// [https] ? Because the Chrome I have strips the http/https:// uri. I disabled the url mangling thing in settings.

    • Comment removed based on user account deletion
    • Agree...full URL and especially protocol have to be displayed. Removing this is not only unnecessary, but can also lead to incorrect assumptions (after all, a site with www can be different than one without). Dropping the protocol is weakening security.
  • Yes. End of story. (Score:5, Insightful)

    by Anonymous Coward on Saturday September 15, 2018 @09:49AM (#57319056)

    The URL bar should display the URL.
    The URL contains a domain. It should display that domain. There is no reason to lie about the location. It is important if I am at sub.domain.tld or domain.tld. Those are different locations, served, in theory, by different machines.

    If something as simple as a "www" overwhelms you, please tell your legal guardian that you have an exacerbation, and maybe a computer has become too much for you entirely. You certainly won't be tying your own shoes anymore at that level of mental disability.

  • No. (Score:5, Insightful)

    by Anonymous Coward on Saturday September 15, 2018 @09:49AM (#57319058)

    Google should PERMANENTLY stop fiddling with this bullshit. The thing in the address bar is not a aol or compuserve keyword. It's an URL, that's a protocol, a hostname, and then whatever random trash you need to feed the webmonkeys' infernal machine to give it what you want -- which might be a file name, lots of parameters, or whatever else. Trying to hide some part of it because it confuses the lusers will not un-confuse the lusers, they are permanently confused anyway. It will now also confuse the slightly-more-savvy, and annoy the experts.

    I say we really ought've come up with a better interface than google, mozilla, or redmond, or really most everyone else "big", have managed so far. Something that Just Does Not Care about what lusers "think", but is straight-up clear and honest about the technical side of things. The absence of such a thing just goes to show that nobody knowledgeable is actually active in this space. Webmonkeying breeds webmonkeys. Whodathot.

    • Re: (Score:2, Insightful)

      by Anonymous Coward

      Oracle lost MySQL, open office, and other blather, because they not only couldn't read the marketplace -- they were overbearing and heavy handed.

      Google Chrome can only implement so many mistakes before market share moves away, and someone can always fork it. This kind of change -- a missing www, doesn't seem to me, to be enough to cause a mass loss of users. But it shows a heavy-handedness, an excessive zeal to manipulate using market share, and bad decision making all in one.

      Which means? More of this ma

    • Re:No. (Score:5, Insightful)

      by HumanEmulator ( 1062440 ) on Saturday September 15, 2018 @05:41PM (#57320864)
      They're not going to stop fiddling, because the long-term goal is to eliminate URLs from the interface. They want you to do Google searches for websites instead of entering some "confusing" direct address. Hiding more parts of the URL is another gradual step towards making the address bar into a pure Google search bar. Average-Joe user will see no harm in this and probably even think it's a good idea.
  • stuff that works (Score:5, Insightful)

    by pD-brane ( 302604 ) on Saturday September 15, 2018 @09:51AM (#57319064) Homepage

    Why change things all the time (and waste the users' time) when things don't get better? I.e., why not leave the URL alone?

    simplifying the UI

    How is removing information like www. a simplification of the user interface?

    • I guess google looked at URLs and decided that not displaying http:/// [http] or https:/// [https] was too hard. /s

      If they're eliminating the www, does this mean they will also get rid of the ftp for ftp servers?

    • by thegarbz ( 1787294 ) on Saturday September 15, 2018 @12:13PM (#57319600)

      How is removing information like www. a simplification of the user interface?

      In the same way as only offering one flavour of sandwich at the canteen simplifies buying lunch.

      You will eat / watch what we want you to.

    • Why change things all the time (and waste the users' time) when things don't get better? I.e., why not leave the URL alone?

      simplifying the UI

      How is removing information like www. a simplification of the user interface?

      Same reason we don't show the port number - it's usually pointless information that is irrelevant. And no I'm not saying it's always useless, and that there's no case where this won't be annoying or harmful, but obviously it does simplify the address. Those people posting on this story with unwavering views that this is a non-changable thing, are forgetting that we already remove information from the URL.

      • Same reason we don't show the port number - it's usually pointless information that is irrelevant.

        The port number is only hidden when it's equal to the standard port number. If you see an HTTP or HTTPS URL without an explicit port number you still know exactly what the port is. The same is not true for domain names: with this UI change, "example.com" in the address bar could represent either "example.com" or "www.example.com", which do not necessarily refer to the same content, or even the same server.

        I don't see this as "simplifying" the UI. A better term would be "simplistic". UIs should be "as simple

    • This was the downfall of Gnome, KDE, and Firefox. Damn, Chrome is so powerful now and CSS and HTML are so much more advanced than the past that I don't think another browser can pop up to replace it sadly.

  • by Junta ( 36770 ) on Saturday September 15, 2018 @10:01AM (#57319102)

    "With the launch of Chrome 70, Google plans on hiding the ‘www’ portion of a web address inside the search bar"

    They are putting the 'm.' back in, not www. They are basing this on a rough idea of not knowing of a 'www.' that differs from the top level of a 'large' site, rather than some hard and fast rule.

    The simple fact of the matter is it is a dumb idea. It doesn't make urls any friendlier (who in the world honestly believes that www. and m. are the thing that can make urls hard?), but it does potentially cause confusion.

    As to calls of 'but Apple can...', the difference is that browser has less than 4% of the share of the desktop market, and those people are the unbelievably loyal to Apple. On the mobile browser, the url situation is already pretty useless given the limited screen real estate.

    • by Junta ( 36770 )

      Didn't realize that in chrome 69 they changed and 70 is next, not the reversal... in any event.. ugh..

    • Safari has a "web site" view that shows the domain (and only the domain, with a lock/none for http/https). This view doesn't show the www or m sudomains (but does show others). It also doesn't show the rest of the URL. As soon as you ask Safari (by clicking), it goes back to a complete URL.

      Contrast this with Chrome, where I cannot even get it to display the protocol in any way. One's a simplification with the ability for more info. The other is Google being a dick.

    • by 93 Escort Wagon ( 326346 ) on Saturday September 15, 2018 @12:54PM (#57319790)

      It doesn't make urls any friendlier (who in the world honestly believes that www. and m. are the thing that can make urls hard?), but it does potentially cause confusion.

      I don't think this is really about “www” or “m”. It’s probably the first in a series of longer-term changes Google intends to make which benefits them more directly - perhaps by obscuring the fact that people are viewing pages through some custom Google domain, like AMP.

      I suspect Google’s longer-term play is to somehow get people viewing the web but never actually leaving google.com - more or less adopting one of Facebook’s operational principles. But it starts with a relatively innocuous move like this one.

      • by Anonymous Coward

        I don't think this is really about “www” or “m”. It’s probably the first in a series of longer-term changes Google intends to make which benefits them more directly - perhaps by obscuring the fact that people are viewing pages through some custom Google domain, like AMP.

        I suspect Google’s longer-term play is to somehow get people viewing the web but never actually leaving google.com - more or less adopting one of Facebook’s operational principles. But it starts with a relatively innocuous move like this one.

        So making the Google Chrome web browser into the America OnLine (AOL) application in which everything you do is determined by Alphabet Inc. Their version of the World Wide Web can be called Alphabet OnLine (AOL) too.

      • shouldn't they hide the END of urls then?

        If you want to hide that www.slashdot.amp.google.com is served using AMP on Google servers instead of www.slashdot.com, dies hiding the www really help?

  • by xack ( 5304745 ) on Saturday September 15, 2018 @10:02AM (#57319112)
    Doing so makes Chrome the Phisherman's friend. Pale Moon seems to be the only modern browser that has the courage to show the full url by default.
    • Doing so makes Chrome the Phisherman's friend. Pale Moon seems to be the only modern browser that has the courage to show the full url by default.

      The Chrome team believes that URLs are the Phisherman's friend. IMO, we made a mistake when we allowed general Unicode URLs. We should instead have defined for each language the precise set of characters allowed, and required every URL to use characters from a single language.

      • by q4Fry ( 1322209 )

        The Chrome team believes that URLs are the Phisherman's friend. IMO, we made a mistake when we allowed general Unicode URLs. We should instead have defined for each language the precise set of characters allowed, and required every URL to use characters from a single language.

        Fine. So check for that instead and mark domains with non-locale or lookalike characters.

        • The Chrome team believes that URLs are the Phisherman's friend. IMO, we made a mistake when we allowed general Unicode URLs. We should instead have defined for each language the precise set of characters allowed, and required every URL to use characters from a single language.

          Fine. So check for that instead and mark domains with non-locale or lookalike characters.

          Would only work if it the characters allowed were defined in a standard, and we added some mechanism for domain owners to specify what locale is allowed for URLs in their domain. As it is, there's no way to distinguish the legitimate from illegitimate URLs. You could pick some rules that would be right 99.9% of the time, but would incorrectly penalize legitimate URLs

          The mistake is made, URLs are what they are and they're not a trustworthy indicator, not even to people who know what they're doing much le

          • by q4Fry ( 1322209 )

            I don't care about what the site owners say; they could be evil. Wasn't that your point?

            The browser knows my locale. If I'm in en-GB, let me know if I hit a domain with maths characters (or Turkic, etc.). Yes, it will penalize websites outside of my locale, but maybe I want to be cautious there anyway. Sure, it's terrible, but it's still better than secretly hiding subdomain segments. Oh, the exciting things I could do with "mail.google.www.com."

            When .CORN is a TLD, we can have this fight again (yourbank.co

  • Who trusts www.domain.tld, but doesn't trust m.domain.tld? Is this really that big a deal for security?

    • by Zuriel ( 1760072 ) on Saturday September 15, 2018 @10:15AM (#57319158)

      Hiding the subdomain opens the potential to make a user named "www.www" and be given the user-specific subdomain www.www.somesite.com, which then displays as www.somesite.com which will seem legitimate, and other dumb things.

      www was never designed to have special privileges, so there's no protections in place to handle the basic stupid things that can happen when a browser decides to give it special treatment. Same goes for the "m" subdomain - sites have cheerfully been letting users create accounts with the username "m" and allocating them the m.site.com subdomain, because "m" doesn't mean anything special unless you decide to use it for something.

    • It's not that I trust www.domain.tld but not m.domain.tld. It's that sometimes I want to be on the www site, and sometimes I want to be on the m site.

      Not everything has to be about security.

      That said, smarter people than me will probably come up with reasons.

  • What I want is (Score:4, Insightful)

    by oldgraybeard ( 2939809 ) on Saturday September 15, 2018 @10:13AM (#57319150)
    a browser that works for interacting with the internet. I don't need a play toy that has a new version every week with features I need to try to turn off/ignore/find workarounds for. To the real world a browser is just a tool. Not an epic thing in itself. I don't use chrome much because I dislike their useless feature driven junk and it's huge foot print, slow performance, lousy UI, etc (starting 10 tasks). I also wonder what a browser made by a marketing company that makes money by selling out their users (data and privacy) is doing in the background.
    Do the task, Do it well, Fix broken things otherwise leave it alone! Most everything that is being added now is excess junk.
    The concept that developers should always be adding new features is a mistaken course. Constantly redesigning the UI is a waste. Make it work and work well then only add really important things when the need comes up. And resist adding junk and calling them features.
    And dumbing down and hiding things from the users is a mistake! Granted some don't have a good grasp on reality but such is life.
    Just my 2 cents ;)
  • by lpq ( 583377 ) on Saturday September 15, 2018 @10:20AM (#57319170) Homepage Journal

    Huh?

    What do they mean 'www' shouldn't be controlled by "users"...it's not for google to decide. Companies purchase domain names and different sub domains are for different things. Example -- if you don't go to www.vim.org, you won't get there. It's not the same as 'vim.org'. If you try to goto vim.org
    it says the host isn't found -- because no valid host is at vim.org -- only www.vim.org.

    How stupid is google to think they are the same?

    • Granted but 98+% of internet users will never be going to www.vim.org. Chrome is not considering individuals that use the internet for real work type things. Chrome is built for the end user consumer market. Where it is all about content consumption and online consumer sales.
      People are surprised when I tell them I don't use Facebook, Twitter, etc, etc I respond with I create tech and only use the internet as a resource and not much for recreation.
      For recreation I go out to the garage or down to my work sho
      • by ancientt ( 569920 ) <ancientt@yahoo.com> on Saturday September 15, 2018 @01:21PM (#57319872) Homepage Journal

        Not that you're generally wrong, but I would like to contest a minor point.

        Chrome is built for the end user consumer market.

        I think the better description would be to say Chrome is marketed to consumers. It's a subtle difference, but I think it leaves the clarity to say specifically that Chrome is built to further Google's goals. One of Google's main goals is to get consumers to use their system.

        We've all seen people go to google.com to search for facebook rather than going to facebook.com directly. That's a win for Google. Google would really win if people forgot URLs exist. Then the only way to get to any website would be by having Google search for it, at least for most people. How could that happen? In small steps where first the http or https is hidden since most people don't know or care why it exists. Then after people get used to that, the next step is to hide other parts of the URL that people don't care to understand. Subdomains mean nothing to most people, TLDs are next. Really, what's the difference for most people? That's where Chrome is headed and what it is built for.

        The real tragedy is that most people will be happier with it.

    • The 'm' subdomain is where a lot of sites host their mobile version. In fact, I think most mobile browsers will try the m subdomain if you don't specify one, before failing over to the www one.

  • Yes? Fucking leave the user input alone.
  • by Idimmu Xul ( 204345 ) on Saturday September 15, 2018 @11:29AM (#57319402) Homepage Journal

    go to www.brand.com and do the thing

    im at brand.com and its not working

    no you have to be at www.brand.com

    ive typed that in but im at brand.com

    no, you need the www at the front, brand.com is a different site to www.brand.com

  • by sjames ( 1099 ) on Saturday September 15, 2018 @11:51AM (#57319506) Homepage Journal

    Remember when Microsoft decided it's users were just too bone headed to understand complicated extensions like .txt and .exe, so they hid them? And how they then wondered why people were happily clicking on invoice.doc.exe and costing the economy billions of dollars?

    Google is the new Microsoft and they think everyone that isn't Google is stupid.

  • There is more community consensus that sites should not allow the 'www' subdomain to be user controlled.

    Can we gather up this so called community where consensus exists that users should not allow the user / client to control which domain they access and fire these idiots into the centre of the sun.

    Seriously technical people here, is there any legitimate reason that the www subdomain shouldn't be "user controlled"? I am all for letting web administrators control their side via re-directs or DNS entries, by why in the ever loving god should control of www be taken out of the user's hands anymore than it alread

  • That is the website service providing individual to decide, if they do not want to use www. or m. then that is their choice, if not then not. Otherwise it can even lead to confusion copying or typing URLs.
  • by thegarbz ( 1787294 ) on Saturday September 15, 2018 @12:26PM (#57319666)

    There is another bit of user interface stupidity to this story. From TFA:
    Before reversing the changes it made, users were able to reveal the full web address — including the www or m subdomains — by double-clicking on the address bar in Chrome 69.

    Then from the original ZDnet article:
    and if you copy the simplified address and paste it elsewhere it will display the full address.

    So in the name of "simplification" Google now has introduced a text bar whose text changes depending on HOW you click on it, and whose text is not representative of the actual text which would be copied to the clipboard.

    This has got to be a WTF as big as the WTF about hiding the www in the first place. How could you screw up something as simple as a text entry field.

  • by nuckfuts ( 690967 ) on Saturday September 15, 2018 @12:37PM (#57319720)

    To the person at Google who stated that www is now considered a 'trivial' subdomain" [chromium.org]:

    In my experience, "www" is not typically a subdomain. It is a host name. For example, in your DNS you might have an A record that resolves "www" to the IP address of your web server, just as you might have an A record that resolves "ftp" to your FTP server, or whatever.

    The interesting thing about DNS, however, is that you can create an A record for a subdomain. This means you can make the "www" part of a URL optional by having "www.mydomain.com" and "mydomain.com" resolve to the same IP address (or group of addresses).

    So, Google, kindly do not fuck with my DNS naming preferences. When I pay to register a domain, that includes the right to determine what I do (and don't do) with the DNS for my domain. If I want to show "www" in my URLs, that's my bloody business, not yours.

  • by AdaStarks ( 2634757 ) on Saturday September 15, 2018 @12:38PM (#57319724)

    N- wait... *re-reads the title* Y... Yes?

    • by SeaFox ( 739806 )

      No. They should not temporarily bring back the "www". They should permanently bring back the full address display.

  • by Anonymous Coward

    The www part of the url is to the best of my knowledge an address record to a host or possibly a group of hosts, as in a cdn.
    The public facing part of "yourdomain.com" if you will.
    Even if you do connect to a mobile site that is usually denoted by an m in front of what you are visiting.
    www.m.wikipedia.org and so on.

    This might end up being at the root of a ton of dns poisoning attacks in the coming months.

    When Microsoft hid file extensions by default an image.jpg and an image.jpg.exe would be indistinguishabl

  • They did something else now too.
    If you are NOT signed into chrome, and try to sign into the website youtube, chrome uses your information and password that you tried to give to accounts.google.com and signs itself into google so you are now signed into chrome!
    Signing out of chrome again also signs you out of youtube...
  • Because "most users" don't know the difference is not, by itself, a good reason to hide information. They will never learn if you hide the information.

    Educated consumers are better for the economy, so don't go out of your way to make things dumber.

We are Microsoft. Unix is irrelevant. Openness is futile. Prepare to be assimilated.

Working...