Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Google The Internet

Google Resumes Its Senseless Attack On the URL Bar, Hides Full Addresses On Chrome 85 (androidpolice.com) 59

Google is pressing on with new plans to hide all parts of web addresses except the domain name. Android Police reports: A few new feature flags have appeared in Chrome's Dev and Canary channels (V85), which modify the appearance and behavior of web addresses in the address bar. The main flag is called "Omnibox UI Hide Steady-State URL Path, Query, and Ref" which hides everything in the current web address except the domain name. For example, "https://www.androidpolice.com/2020/06/07/lenovo-ideapad-flex-5-chromebook-review/" is simply displayed as "androidpolice.com." There are two additional flags that modify this behavior. One reveals the full address once you hover over the address bar (instead of having to click it), while the other only hides the address bar once you interact with the page. An issue page on the Chromium Bug tracker has also been created for keeping track of the changes, though there aren't any additional details there.

There's no public explanation yet for why Google is pressing ahead with these changes, but the company has said in the past that it believes showing the full address can make it harder to tell if the current site is legitimate. "Showing the full URL may detract from the parts of the URL that are more important to making a security decision on a webpage," Chromium software engineer Livvie Lin said in a design document earlier this year.
Google has since clarified how the experiment will work and what opt-out options will be available.

"We think this is an important problem area to explore because phishing and other forms of social engineering are still rampant on the web," a Chromium developer on the bug tracker for the change said, "and much research shows that browsers' current URL display patterns aren't effective defenses. We're implementing this simplified domain display experiment so that we can conduct qualitative and quantitative research to understand if it helps users identify malicious websites more accurately."

It was also confirmed that Google will keep the opt-out mechanism that is already present -- an 'Always show full URLs' setting that appears when you right-click the address bar. "We plan to support this opt-out option indefinitely," the same developer said.
This discussion has been archived. No new comments can be posted.

Google Resumes Its Senseless Attack On the URL Bar, Hides Full Addresses On Chrome 85

Comments Filter:
  • by Jane Q. Public ( 1010737 ) on Monday June 15, 2020 @05:04PM (#60187136)
    Safari has been doing that for quite some time.

    And I hate it.

    Having said that, clicking in the address bar brings the whole address back. But I don't want it hidden in the first place.
    • Safari -> Preferences -> Advanced -> "Show Full Website Address"

      • That setting only exists for the macOS version of Safari. There's no way to turn that feature off on iOS. Can't say I'm a fan of that feature and prefer to see the full URL.
        • Imagine a car that refuses to give any reading below 40MPH. Or will not show how much gas you have left, or the odometer, unless you tweak some setting deep within a huge menu structure that most drivers would not even know where to look for.

          I didn't RTFA, but I am assuming the address bar butchery is on by default.

          This also leaves open the possibility of more malicious behavior (user sees htt ps://domain.co m instead of htt ps://domain.co m/users/1337haxx0r/embeddedbadstuff.htm)

  • by quonset ( 4839537 ) on Monday June 15, 2020 @05:07PM (#60187154)

    Seriously. Dupe [slashdot.org].

  • A good compromise would be to highlight the domain but keep the rest displayed. Stop bleeping with de-facto standards, Google, or suffer MS-IE's fate.

    I remember when they placed the alert box (JavaScript "alert();") high up in the window instead of the middle. This confused roughly 2% of users for a certain app, creating a flood of help-desk tickets. If all the other browsers put it in the middle, why deviate? Before you deviate, ask for feedback. Is that asking too much?

    • You need popups to overlay the menu bar, to distinguish them from fraud boxes that are just drawings on the web page.

      That's one solution, anyway.

      • by Tablizer ( 95088 )

        It barely covers it up (in my test). A fake alert could just be at the top and few would notice the difference. And if they moved it even higher, people may miss it altogether.

        I understand the concern, but they didn't solve it. Perhaps make the browser border/menu flash or change color for a real alert box. If you don't see it flash, you know you're dealing with a fake alert.

      • Javascript alert() is 100% controlled by the page anyway, so that wouldn't make any difference.
      • Comment removed based on user account deletion
    • by Sigma 7 ( 266129 )

      I remember when they placed the alert box (JavaScript "alert();") high up in the window instead of the middle.

      That's meant to ensure that it's a browser thing rather than a webpage thing.

      But since they changed it, they might as well make it whole-hog and make that alert box non-modal on subsequent attempts to close the window - or add a way to force close webpages in the same way the operating system allows force-killing browsers.

    • This just reeks of programmers having nothing else to add to the browser, and are just adding 'features' like this to justify their continued employment.

      A web browser is a very mature product at this point, so there is little left to add.

  • Posts dupes of popular heavily commented stories.

  • by wakeboarder ( 2695839 ) on Monday June 15, 2020 @05:17PM (#60187196)

    They'll keep reducing things until you forget how to use the web and only use google

    • by SeaFox ( 739806 )

      > Implying most people online nowadays know how to use the URL bar to begin with.

      That's a pretty bold claim.
      There's a reason companies sweat so much about where they show up on search engine rankings for their trademarks.

    • The goal is to go back to the AOL model - that's all you needed, just AOL.
    • Yup. Evil.
  • by Rick Schumann ( 4662797 ) on Monday June 15, 2020 @05:22PM (#60187220) Journal
    Never liked Chrome in the first place and they keep giving me more reasons to hate it. I'll stick to Firefox.
  • by hey! ( 33014 ) on Monday June 15, 2020 @05:24PM (#60187230) Homepage Journal

    It definitely is *controversial*. There's a good chance it's wrong. It might even be stupid. But they have a justification for doing it that's worth thinking about: *for some people* a full URL obscures information they need by jumbling it with other information that's meaningless to them.

    That doesn't mean *nobody* has a use for that information. But presumably people who benefit from all that detail would know enough to opt-in. People who don't have use for that information, when presented with it, will just see an address bar as full of gibberish and ignore it. People are really good at ignoring stuff that's right there in front of them.

    Of course that argument cuts both ways; you can pare the address bar down so it only displays the most important thing for the non-technical user: the identity of the domain serving the data they're looking at. But it doesn't mean they'll pay any attention to it.

    So here's one possible result: they mildly inconvenience a bunch of power users and benefit absolutely nobody. But we know that will happen for sure.

    • People are really good at understanding things without knowing they understand them.

      By changing the behavior of the address bar, they are fucking with an already only partially useful paradigm, the URL.

      People barely understand the web they browse, and someone wants to give the plebs less data for their minds to crunch on in the background?

      How long before Google hides the domain too? No, really, you can trust us, you're actually on Twitter, not a google look-alike. Would we lie?
    • When Firefox does stupid things, at least usually you can disable them in about:config

      Senseless or not, they should at least allow "power" users to turn it on/off.

  • It's starting to look like they need that so that you keep getting hacked and are dependent on them. Without phishing attacks a whole bunch of application security folk would have less justification for their job and have to find another gig.

  • And then red to the right, or whatever colour scheme you want, to show people that there are different parts and they do different things. Tech support is hard enough without having to also tell people to click into the URL bar so they can actually see the specific page they're on! Removing things usually isn't the solution, sure, simplicity and elegance should be striven for, but here Context is what we need.
    • by clovis ( 4684 )

      And then red to the right, or whatever colour scheme you want, to show people that there are different parts and they do different things. Tech support is hard enough without having to also tell people to click into the URL bar so they can actually see the specific page they're on!

      Removing things usually isn't the solution, sure, simplicity and elegance should be striven for, but here Context is what we need.

      This.
      And do it for both the URL bar and especially for the hover over url links.

  • by backslashdot ( 95548 ) on Monday June 15, 2020 @05:40PM (#60187298)

    For you to be Chrome-Locked. Guaranteed at some point they will make it a pain in the ass to copy and paste URLs outside of Chrome/Google and then eventually they will make you think everything --all content is "on Google".

    • Oh is that why Safari did it?

      You fail to understand that at no point has google ever reduced the ability to copy or link. So congratulations on being in unsubstantiated conspiracy theory territory. I'd put your tinfoil hat on, but then how will you get google if you block the starlink satellites?

    • I've lost track of how many times I had to remove all of the /amp/ garbage from links so I could post them* . And there seems to be a few different formats when it comes to /amp/.

      *One reason is that Google is not seen as very trust worthy these days, so I post urls that are directed to the original page.

    • "eventually they will make you think everything --all content is "on Google"."

      Meet the new AOL, same as the old AOL.

  • Having an option is only good to intelligent people. This option needs to be hidden deep in the interface in about:config. We cannot let this option fall into the hands of dumb people, because giving dumb people the freedom of choice leads to bad outcomes (i.e. the election of the US president).

    • because giving dumb people the freedom of choice leads to bad outcomes

      Why is it always people dumber than me having this elitist opinion? YUO NO SMRT, I AM TEH SMAART, YOU NO VOET, ONLI I AM VOOT.

    • And this kind of gatekeeping is going to ensure that the 'dumb' people remain that way.

      This is like when certain Usenet groups were taken over and used as hangouts for uppity, elitist fucks (read: a bunch of awkward losers in their parents' basements who will never know what sex is like). That is, until they got flooded out by all of the penis enhancement spam. But before that, if you had a tech question, or whatever, these feces hurling monkeys would trash you for being a "newbie".

      The gatekeeping you are p

  • by Midnight Thunder ( 17205 ) on Monday June 15, 2020 @07:33PM (#60187662) Homepage Journal

    A timely e-mail came into my mailbox today, since I had been watching an issue. Apparently there is a flag to go back to showing the full URL:

    Comment #289 on issue 41467 by xxxxx@google.com: URL bar no longer shows http:/// [http]
    https://bugs.chromium.org/p/ch... [chromium.org]

    This was fixed in Chrome 83:
    - Enable chrome://flags/#omnibox-context-menu-show-full-urls
    - Restart the browser
    - Right-click the address bar, and check "Always show full URLs"

    • by paul248 ( 536459 )

      Yes, that's the real news here. Chrome has been butchering URLs for several years, and the problem is finally solved.

      Having a choice between "real URLs" and "kindergarten mode" is a massive improvement.

      • Having a choice between "real URLs" and "kindergarten mode" is a massive improvement."

        Why is there even a need for a "kindergarten mode" in the first place? Are the inexperienced really in that much of shock and awe if they see a long, complicated URL? The "why" is sorely missing from this, other than maybe a cheap attempt at content control (making it hard to copy+paste urls).

        Why must we keep setting the bar lower and lower, trying to make the ignorant more ignorant? This is nuts.

  • Did I just say that?! :-)

  • Dumbing down. (Score:5, Insightful)

    by Camel Pilot ( 78781 ) on Monday June 15, 2020 @07:50PM (#60187706) Homepage Journal

    Is not this the same motivation behind hiding the file extension by default? Or hiding the actual hierarchical location of the "virtual folder" Documents, Downloads, etc?

    Always pisses me off when you have to explain to a newbie where the photo they just download actually resides on their file system. By trying to make GUI interfaces easier (or dumber) the woke designers end up making it harder and more confusing.

    Remember when Gates himself download Mozilla to show how easy it is to install another web browser and he couldn't find where the download directory was?

    • Google is aiming for a UI that eventually looks like a smart TV! That said, I would rather it be Google mangling things than Microsoft - if they had their way, the Internet would be run on SharePoint and URLs would be meaningless garbage!
  • I guess phishing is still a big problem?

    The domain is bolded in the address bar, https:/// [https] is hidden (so now the domain is the first thing you see next to the lock), the lock is more picky about when it appears, and extended SSL certs can contain company info that can be displayed next to the lock, making it easy for users to verify their website.

    I can only assume there's still problems with users giving their passwords away to obvious phishing sites if Google feels they have to take this further, and hones

    • by tlhIngan ( 30335 )

      Similar.

      It's because phishing sites have tried everything, including http://example.com/blah/blah/b... [example.com]

      The padding is there to basically scroll the URL - on many space constrained browsers, it's less useful to know the site you're on than the actual document path so they will generally scroll to the end (so the user sees "https/www.facebook.com/" in the URL bar. It's why mobile browsers started showing just the domain name now and hiding the URL itself (but the full URL is exposed if you tap on it to say, co

  • I use Firefox.

    (Also, this is old news.)

  • by Shaitan ( 22585 ) on Tuesday June 16, 2020 @09:04AM (#60189000)

    This is about hiding tracking data they've encoded in the url

  • Another reason not to use Chrome, like I needed another. Used to love Chrome back in the day, back in the day when I thought I could trust google.
    To be honest most browsers are cookie cutter versions of each other anyways.

Avoid strange women and temporary variables.

Working...