Something I haven't seen anyone here bring up yet: many URLs <i>are</i> meaningless to humans past the domain. For an example, look at the top of this page. The only semantic meaning in the URL for this post is `news.ycombinator.com`. The rest, `item?id=24156986`, is meaningless to a human. (But, of course, meaningful to HN's backend.) A lot of (most?) of the URLs on the web are not <i>semantic</i>. They're naked application look-ups. I claim that for this current page, there's no meaningful loss of information by just showing the domain.<p>But some URLs <i>are</i> semantic. I think losing those would lose useful information for human readers. If we could perfectly know which URLs have useful semantic information for users and which don't, and then only present those with full semantic meaning, I wouldn't mind much.<p>Main point: I see people saying things like "these designers think people are too stupid to understand URLS." But that ignores that some URLs are not actually meaningful to anyone.<p>Anticipated responses:<p>1. You <i>are</i> losing information by taking off the "application lookup" part: the information that an application lookup was made. Fair enough. But I claim it's a small loss.<p>2. We can never perfectly separate out the URLs with useful semantic information. Which, also probably true. But I think we can do a decent job, and as long as the full URL is present when I mouse-over it, I probably wouldn't object.
Wow - top posts are conspiracy theories. "The only reason to do this..." "This is a security issue..."<p>Google has millions / billions of users. From a security standpoint the focus should be entirely on the root domain, that is the only really meaningful root of trust.<p>If you are talking about a security issue - the KEY security issue is ANY lack of clarity around root domain.<p>"Showing the full URL may detract from the parts of the URL that are more important to making a security decision on a webpage." is a statement they have around this change.<p>I think I agree - I suspect other browsers will have to copy chrome (again) in de-emphasizing the leading URL (often used for fishing).<p>Folks seem to miss the fact that google chrome was a minor competitor initially it IE - and their focus on things like ... security ... helped them become absolutely dominant. A fair number of enterprises have (finally) started slow slow switch to mandating chrome.
The title is misleading and people don't read the article.<p>Chrome is not hiding the bar address, it is only showing the domain in normal times, and showing the full url when you hover the bar<p>Personally I find it better for non technical people, because they can focus on the domain only. For tech people you have the option to keep the full url visible at all time, which fixes the issue.<p>As for people complaining about AMP, this is something different, which has nothing to do with displaying only the domain, but instead "showing the real domain when you are on a google AMP page"
They're just trying to prevent phishing. Remember when the DNC was hacked?<p>Employees at the DNC were linked to sites that looked exactly like the Google sign-in page, except that the URL was "myaccount.google.com-securitysettingpage.tk".<p>picture of the phishing website:<p><a href="https://security.stackexchange.com/questions/189688/does-google-check-for-unicode-characters-to-determine-spam-now-in-gmail" rel="nofollow">https://security.stackexchange.com/questions/189688/does-goo...</a><p>From interviews, it seems like there's two features Chrome developers are working on try to prevent these kinds of attacks. One is to hide the subdomain so that people can't make such tricky looking URLs. Another is feature to identify lookalike URLs and let users know about the anomaly.<p>sources:<p><a href="https://www.nytimes.com/interactive/2017/01/06/us/russian-hack-evidence.html" rel="nofollow">https://www.nytimes.com/interactive/2017/01/06/us/russian-ha...</a><p><a href="https://p3isys.com/p3isys-tech-blog/153-podestahack" rel="nofollow">https://p3isys.com/p3isys-tech-blog/153-podestahack</a><p><a href="https://www.wired.com/story/google-chrome-kill-url-first-steps/" rel="nofollow">https://www.wired.com/story/google-chrome-kill-url-first-ste...</a>
I get emails from some banks with instructions to spot phishing. One of those is to look at the full URL in emails or on websites to know if it’s authentic or not.<p>For better or worse, the URL scheme is what we have to identify websites and pages. Hiding that on larger screens doesn’t make much sense. It also hinders learning for the next generation.
Remember folks, Apple has been doing this in Safari since 2014. And there's been <i>zero</i> uproar over it at all. I don't understand why people suddenly hate this just because it's Google.<p>For most users, total focus on the domain name is a security <i>feature</i>. For 99% of users, what comes after the domain name might as well be gibberish. I mean, it is a majority of the time.
When the final version is implemented in a couple of years you will no longer see any URL, that way it won't be as evident that most sites on the web will be loaded from Google.<p>Google is also attacking this issue from a different perspective with Signed Exchanges [1][2], to fake the URL and ensure their success in becoming the gatekeepers of the internet.<p>If you refuse to become a content provider for Google's vision of the web, then they currently won't feature you at the top of search results in the Top Stories carousel, and perhaps demote you entirely from the first page in the future, depending on how their hijacking strategy works out.<p>[1] <a href="https://news.ycombinator.com/item?id=19678693" rel="nofollow">https://news.ycombinator.com/item?id=19678693</a><p>[2] <a href="https://www.iab.org/wp-content/IAB-uploads/2019/06/mozilla.pdf" rel="nofollow">https://www.iab.org/wp-content/IAB-uploads/2019/06/mozilla.p...</a>
Jake Archibald (a Googler) presents some decent points on this on the HTTP 203 podcast: <a href="https://youtu.be/0-wB1VY3Nrc" rel="nofollow">https://youtu.be/0-wB1VY3Nrc</a><p>I still don't agree with the removal of URLs, but I do still recommend watching the entire video if you want to get more perspective on the issue (beyond just the conspiracy theories about AMP and control).
For now I'm quite happy to have finally switched to Firefox a few months ago.<p>If Firefox disappeared though, as it seems it might, that would be horribly frustrating.
I still haven't found a good answer why they do this. "Makes it harder to tell if the current site is legitimate" sounds like an excuse. If you are the perfect target for a phishing attack (= clicks on everything, enters passwords everywhere, has no clue about host names) then you also won't be able to understand what Chrome presents you in the address bar after obfuscation.<p>My best explanation so far is that the Chrome team doesn't know how to improve their browser anymore so they just make up work to keep the software engineers busy.
IMO this is the real reason why they're pushing hard towards this:<p><pre><code> However, it's also worth considering that making the web address less important, as this feature does, benefits Google as a company. Google's goal with Accelerated Mobile Pages (AMP) and similar technologies is to keep users on Google-hosted content as much as possible, and Chrome for Android already modifies the address bar on AMP pages to hide that the pages are hosted by Google.</code></pre>
> “Showing the full URL may detract from the parts of the URL that are more important to making a security decision on a webpage," Chromium software engineer Livvie Lin said in a design document earlier this year.<p>I’m a software engineer, too, but I would never make such an important UX decision because I know that is not my area of expertise.<p>I hope they’ve gotten significant user feedback on this before rolling it out.<p>Personally, I hate it.
Vote with your choices (use a different browser). That's the only way to address such behaviour. Yes, I know the 95% out there who don't even know what a browser is but only know Chrome's icon gives access to the web won't understand any of this and they will continue giving mega-corporations a critical mass of unquestioning users to be used, but we have no other options.<p>We either express our voices, no matter if they're fringe (and hope it catches on) or we can just give up and not even write these articles any more.
This is why we should jump over to Firefox. Today! And by us I mean we who know that this is a bad idea. Mozilla is suffering and this is our last chance to not let Google and chrome have total dominance over the web. Mozilla copies Chrome a lot, but they need more market share to be able to get a say here and take the point of us power users.<p>I have been using and contributed to Firefox for years, and it is a great browser!<p>Come on, we know better! Use Firefox or watch Google destroy the open web. It's up to us!<p>Mozilla has flaws, yes, but this is important! That technical users continue to use Chrome is beyond me.
Stop using chrome. Use Firefox, <a href="https://www.mozilla.org/en-US/firefox/developer/" rel="nofollow">https://www.mozilla.org/en-US/firefox/developer/</a>.
URLs are supposed to be human-readable because they're intended to signal to users what the content is about.<p>What is not human-readable, although fully semantic, is all the parameter trash that comes after full URL. Stuff like "utm_source='twitter'&utm_medium='social_share" or cookie information and the like.<p>I can understand trimming that information, but hiding the URL to show the domain only makes no sense.
The example url in the article is:<p>> <a href="https://en.wikipedia.org/wiki/URL#Internationalized_URL" rel="nofollow">https://en.wikipedia.org/wiki/URL#Internationalized_URL</a><p>which is shortened in the address bar to:<p>> en.wikipedia.org<p>at the VERY least, I wish they would instead use:<p>> en.wikipedia.org/wiki/URL<p>Same for Twitter and Reddit URLs, specifically. Don't hide the username or the subreddit.
Sigh. Now browsers are as powerful as OSes. Why do you need OSes?<p>Address bars? People don't need them. Google should tell you which website you're visiting is good or which is bad if they hide the address bar.
google is not attacking the url bar, it's attacking <i>dns</i>, just like aol and verisign (and others) before it. google wants to replace the decentralized dns system with a centralized google lookup service, powered by their principle competitive advantage, search. google wants to control the internet itself.<p>they're banking on the idea that the average user wants to type (or speak) "macdonalds" and end up engaging with mcdonald's in some form. google wants to be the gatekeepers of the whole internet, not just the browser. the browser is small peanuts in comparison.<p>the simple narrative of this title/story is the kind of distraction we need to see right through with large organizations everywhere, whether it be a corporation, a government, or anything else. we the people must keep these entities in check so that they serve the greater good for all of us, not just the narrow and corrupt.
The Chromium blog post (which points out that like Safari on the Mac there's a setting now (not just a flag) to disable it):<p><a href="https://blog.chromium.org/2020/08/helping-people-spot-spoofs-url.html" rel="nofollow">https://blog.chromium.org/2020/08/helping-people-spot-spoofs...</a>
Switched to Vivaldi.<p>One click, and Vivaldi shows the <i>entire</i> URL, as it should be, including scheme and everything.<p>(Vivaldi browser was founded by employees of Opera, when Opera was sold to a Chinese company. Vivaldi is owned entirely by it's employees)
There are a lot of comments about hiding the URL "because the user doesn't understand" -- has there been any research into user education directly in the address bar?<p>Like, fresh install page points @ google.com. Why not A little browser popup highlighting the parts of the URL and explaining it, with a link + tutorial on how to understand parts of the URL?<p>Rather than dumbing the interface down, why not inform users so they can use these platforms more effectively?
If you like chromium ecosystem, I suggest trying the Vivaldi browser. <a href="https://vivaldi.com" rel="nofollow">https://vivaldi.com</a><p>It won me over with
(1) the ability to split the window into multiple tabs
(2) ability to turn any webpage into a side-bar "applet-thingy" -- great for having whatsapp, todoist, always on the side while you switch tabs.<p>It also has plenty of other features aimed at power-users.
It's a problematic change, but is actually more usable. Now as a developer, I don't have to worry about changing the URL too much, in order to enable deep linking and the back button. I also don't have to worry about the unsightly but useful query parameters on a search page. This should become the new standard.<p>It's not like the mailboxes that the USPS is removing, ostensibly in response to declining mail volume. The mail boxes weren't in the way. They were built according to the city codes. Removing them before an election is all downside, and no upside.<p>The path and query params in the URL are in the way. If you're making a page that's a list of data that gets filtered, each time you change one of the filters, and call replaceState when it changes, it would change the URL bar. That's visual noise.<p>I used to be against this, because I'm against Google's overall agenda with the web. I thought about it and couldn't deny the usefulness of being consistent across mobile and desktop, and letting the URL change as frequently as is useful from the developer perspective.
This has nothing to do with amp, and everything to do with users thinking <a href="http://printer001.cpalawyer.bz/mircosoftoneline.acutallogindomain.here/" rel="nofollow">http://printer001.cpalawyer.bz/mircosoftoneline.acutallogind...</a> is a legit office 365 login page.<p>Not that they're going to notice that the url bar says something random anyways.
This article had a major thread two months ago: <a href="https://news.ycombinator.com/item?id=23516088" rel="nofollow">https://news.ycombinator.com/item?id=23516088</a>.<p>It has been updated, apparently to mention an animation technique in the URL bar of Chrome 86, but that's apparently not SNI (<a href="https://hn.algolia.com/?query=%22significant%20new%20information%22%20by%3Adang&dateRange=all&page=0&prefix=false&sort=byDate&type=comment" rel="nofollow">https://hn.algolia.com/?query=%22significant%20new%20informa...</a>) since the discussion here isn't mentioning it. So I think we have to call this on the dupe side. See also <a href="https://hn.algolia.com/?query=follow-up%20by%3Adang&dateRange=all&page=0&prefix=true&sort=byDate&type=comment" rel="nofollow">https://hn.algolia.com/?query=follow-up%20by%3Adang&dateRang...</a> for how we moderate these.
I’ve wondered why we continue to display URLs as painfully-long single lines of text. Tradition? Why is this helpful anymore? (e.g. On an iPhone it’s not easy to edit the end of a URL.)<p>If it’s so damn hard to display full URLs on one line, let’s display them on <i>several</i> lines (at least after tapping on them), broken on dots to wrap. Spaces aren’t valid in URLs anyway.
If URLs get hidden in such a way, developers are going to stop caring about them. This is going to result in experiences like we get with apps like Facebook, which doesn’t have any conceivable way to get back to certain content. Think single page apps that never have any URL changes.<p>Of course the brass at Google is incredibly short sighted and clumsy in their approach. All the good people at Google are gone and we’re left with the dredges and it’s starting to show.
Well it does make the host domain clearer which could making phishing attempts harder.<p>But it must be weird when navigating around a website, while the url remains static... ugh creepy
One of my favorite macOS/iOS features is URLs. Most good native apps-- Things, Drafts, DEVONThink, etc.-- support URLs. URLs such as `things://` and `drafts://`. Some accept POST as well as GET.<p>There's even a specification of an iOS/macOS protocol very reminiscent of webhooks. <a href="http://x-callback-url.com/" rel="nofollow">http://x-callback-url.com/</a>
I wonder to what degree Google becoming increasingly a Walled Garden provides an opportunity for a new type of search engine. Instead of having to grapple with the breadth of services on the Internet, it grapples with the depth of each Walled Garden - Apple, Google, WeChat, etc.<p>I simply can't imagine that any one platform, however large, can truly grapple with the full range of use cases for the consumer internet.
If the domains were written from left to right / highest to lower level (example: com.ycombinator.news/... or com/ycombinator/news/...), this (particular) phishing problem would go away and there would be no reason to do this.<p>Out of ignorance, any proposals were made to change the order of (writing) domains levels? Or to create an alternative one (if that is even possible)?
Omg. I believe safari does that and I freaking hate it. I see how it makes every website act like an app, but these have real user values: you wouldn’t design a folder explorer by hiding where you are in the tree. Oh wait, actually that’s what macOS does already...<p>On the other hand, this is the default behavior on mobile browsers and it doesn’t seem to disturb anyone.
I often modify URLs when sharing with friends - stripping utm and other parameters especially when sharing amazon links<p>My search terms are not relevant to sharing a product ASIN<p>It seems that Google may view the web browser as an engine that is trying to reinvent native desktop apps. What’s old is new again just with some fancy words and a new generation
They should fix this bug first:<p>> Issue 1084406: Reappearance of "HTTPS://" causes URL text to move as you are selecting it<p>> <a href="https://bugs.chromium.org/p/chromium/issues/detail?id=1084406" rel="nofollow">https://bugs.chromium.org/p/chromium/issues/detail?id=108440...</a>
I prefer what Firefox. Just keep the domain name black/highlighted and the rest of URL gray.<p>But, for average user this might be more effective to detect phishing attacks since they never check full URL anyway. (Unless when a website does something stupid with query string parameters)
Feel like this is similar to a future self-driving Google car depositing me at my destination, but without telling me the address itself. We're here.<p>For me personally, this makes it official, I need to keep my guard up at all times when using anything Google.
I don't believe this is an attack. It hides the full address, but you can hover over it to see the whole thing, or even enable full addresses easily.<p>I believe this is legitimately done to improve UX for users who may be phished. Tying this to AMP is a mistake.
I was just thinking about this the other day: at the same time, they keep adding weird, inscrutable nonsense at the end of every Google Search URL, so what's the point of hiding the protocols and www and whatnot?
Naaa. They are making up space for ads and chrome extensions. URLs are important, to the difference between a home page and other pages or will never know if you are redirected.
Hiding the full URL will redirect a lot of traffics back to Google's search engine because people can't easily figure out the source from a screenshot anymore.
This is the same company that will selectively censor leaked information, as election interference.<p><a href="https://techxplore.com/news/2020-08-facebook-google-election-efforts.html" rel="nofollow">https://techxplore.com/news/2020-08-facebook-google-election...</a><p>At this rate, China will be a more free country.
What are they gaining from this that possesses then to fight such consistent opposition?<p>I don't see anyone stumping for this or any groups making any arguments for it beyond aesthetics, which is nice but surely doesn't outweigh all the vociferous opposition.<p>What gives? Cui bono?
I’m gonna go out on a limb here and say this might actually be a good thing for people who are looking for domains.<p>But also a great thing for google as they are going to reinforce searching instead of typing in a domain.
Having looked at the intended design implementation, I'm not _super_ against this change, but I'm not fully onboard. And the concept of AMP here isn't lost on me, either.<p>I understand the stated goal of this is for simplicity for users and enhancing generic security. I feel Firefox already does this better. Let's take the following URL for example:<p><a href="https://code.visualstudio.com/docs/" rel="nofollow">https://code.visualstudio.com/docs/</a><p>On my work MBP with FF 79 and GC 81, this is what I see ([] signifies contrasted text color):<p>Firefox:
<a href="https://code.[visualstudio.com]/docs/" rel="nofollow">https://code.[visualstudio.com]/docs/</a><p>Chrome:
[code.visualstudio.com]/docs/<p>Chrome (after clicking twice in the address bar:
<a href="https://[code.visualstudio.com]/docs/" rel="nofollow">https://[code.visualstudio.com]/docs/</a><p>Chrome 86 (uses above formatting on hover):
code.visualstudio.com<p>In both apps, the dark themes provide more contrast that the light ones. I don't think we need to hide URL's from users, because what really matters is the very beginning of the URL which is always shown, and noting the root domain in a more contrasted, apparent way (like Firefox does) is to me a better solution to this problem. Spending time to improve the appearance of the important part of the URL will help everyone in the end, rather than taking the easy road of just isolating it.<p>Time would be better spent on solving horrible looking URLs in the first place and how URLs get represented in sharing (e.g. email clients, SMS, etc), which is where arguable most visual URL security concerns take place. If anything, I think I'm less likely to trust a URL like this (a simple Google search for "example url") when taking a glance in an email (removed https so full URL would show):<p>"://www.google.com/search?source=hp&ei=IJ82X6DoINCJytMP75Cn6As&q=example+url&oq=example+url&gs_lcp=CgZwc3ktYWIQAzICCAAyAggAMgIIADICCAAyAggAMgIIADICCAAyAggAMgIIADICCAA6CAgAELEDEIMBOgUIABCxAzoCCC46CwguELEDEMcBEKMCOgUILhCxAzoECAAQCjoLCC4QsQMQxwEQrwE6CggAELEDEEYQ-QFQkDJYxEdg3khoAnAAeAGAAbsBiAHBBpIBBDEyLjGYAQCgAQGqAQdnd3Mtd2l6&sclient=psy-ab&ved=0ahUKEwig-Nis85rrAhXQhHIEHW_ICb0Q4dUDCAg&uact=5"<p>than "://www.google.com/search?query=example+url"<p>If on mobile, go into landscape for the larger URL, unless there’s a better way to format it I’m not aware of. Didn’t think a code block was best for a massive oneliner.<p>A possible middle ground could be taking a look at limiting token visibility. But a larger discussion would be needed for that as well.
so... is this a chromium thing or a chrome thing? if it is just exclusive to chrome, then maybe it's time to finally give the new microsoft edge a try.