“We plan to hide ‘https’ scheme and subdomain ‘www’ in Chrome omnibox in M76”

Hm, hiding the protocol and the host part in the address – what next, hiding the domain? However, the path is hidden already, what&#x27;s left then?<p>Seriously speaking: If browsers are simplifying the URI scheme for the alleged benefit of users, how do we expect these users to know anything about addresses? Isn&#x27;t this rather undermining security than enhancing it? Highlighting significant parts may be preferable to hiding those deemed insignificant. Moreover, regarding https, I personally prefer positive affirmation over lack of warning.<p>For me, this worked best for desktop browsers with the padlock icon (and, before this, the key icon) shown together with a display of link targets in a status bar as a separate, reserved area. (While allowing pages to overwrite `window.status` was certainly not a good idea.) A consistent display of the authority issuing the certificate of the current page in a status bar like this may be also nice. I&#x27;m not convinced that less but more opaque information is the way to go.<p>Dedicating 20 vertical pixels of virtual real estate to security relevant information may be worth it. It may be also easier to parse than an overloaded omnnibox&#x2F;location&#x2F;search&#x2F;navigation&#x2F;security&#x2F;menu bar. Cutting down any information which is displayed too densely right from the beginning won&#x27;t help the issue. How many bits of information are there in this &quot;everything bar&quot;? Yes, there&#x27;s still a bit of grouping left, mainly by spacing, but color is mostly gone as a signal in order to make the information density bearable. So users will be applying quite an amount of selectivity when parsing this display, by this inevitably missing relevant information. (That this densely combined display is rather homogenous both for esthetics and acceptance just aggravates the need for selective parsing, which is likely to become a habit.) &quot;We&#x27;ll pre-filter this for you&quot; isn&#x27;t addressing the problem, it&#x27;s rather &quot;living with the outcome&quot;.<p>Edit: A legitimate reason for redacting the host name are extensive names, crafted to exceed the space available in the location display in order to deceive users regarding the identity of the host. Here, abbreviating by an ellipsis (compare text-overflow: ellipsis) in order to fully display the domain may be a way to go.<p>--<p>P.S.: What&#x27;s the general lesson taught by such redactions by the browser vendor? That it is OK to ignore these things, as they are truly irrelevant? (Must be without significance, since Google told me so?)

And this way you won&#x27;t know if your page is AMP, or just a webpage (since amp follows www in things they are hiding).<p>I strongly suspect that this (and the eventual goal of making the whole web hosted by Google) is actually the rationale behind the decision.<p>Previous discussion: <a href="https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=17927972" rel="nofollow">https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=17927972</a><p>Also, training the user to treat the URL as text, so that you search for domains (type &quot;amazon&quot; instead of &quot;amazon.com&quot;), is better for them. The &quot;URL&quot; bar is for Chrome also a search bar (and every domain you enter is sent to Google &quot;for search suggestions&quot;).

For Google, there is no money to be made when people know how to enter URL in a browser&#x27;s address bar. Money is on users searching for a company using a name each time they want to visit a company website. That way Google can bombard users with adverts. When they click on those adverts, Google get paid. Now companies will be forced to advertise using Google AdWords. So that they can appear on top of the search list. Otherwise Google will show ads of their competitors first.

So apparently Google rolled out an update where they &#x27;m.domain.com&#x27; turn into &#x27;domain.com&#x27; in the omnibox. In what world is this acceptable? How can they assume that &#x27;m.&#x27; always means mobile and &#x27;www.&#x27; is the same as the root domain for all hosts?<p>Let&#x27;s assume that you have a blog platform offering subdomains for each user and &#x27;m.blogplatform.com&#x27; is available. Now, any user can get that subdomain and impersonate the homepage because Emily from Chromium decided that eliding parts of the URL without any spec is a reasonable decision.

I&#x27;m not sure why everyone is so up in arms here. I don&#x27;t see how this change is detrimental to the web or somehow good for Google. Hiding the &quot;<a href="https:&#x2F;&#x2F;&quot;" rel="nofollow">https:&#x2F;&#x2F;&quot;</a> seems like a perfectly fine idea as long as there&#x27;s a clear way to distinguish between https and http pages. Safari&#x27;s done this for a long time; https pages display a tiny padlock icon and http pages display a much more prominent &quot;Not Secure — &quot; prefix (i.e. the obvious display is when you&#x27;re insecure, which is the right way to go about things).<p>Hiding &quot;www&quot; seems less meaningful. I&#x27;m not really sure what the motivation is there, beyond the fact that the &quot;www&quot; prefix is mostly just aesthetics. My best guess is they want the url to start with &quot;google.com&quot; instead of &quot;www.google.com&quot;, except that&#x27;s not helpful from a security standpoint at all and might be slightly detrimental, if it trains people that the very first word they encounter is the most important, as paypal.whatever.com is not in fact paypal. But a lot of domains already elide the &quot;www&quot; anyway.<p>Of course, in both cases I am assuming that putting focus on the URL bar will display the full URL.

Its all fine until you have to explain to your loved ones how to read domains and the difference between an email link with random-server-name.paypal.com vs. www.paypal.random-name.com<p>If we remove meta data like this from everyday browsing maybe it will be harder for people to even grasp the idea of how domain names work?

The worst part:<p>&gt; We&#x27;ve worked with other browser representatives to incorporate URL display guidance into the web URL standard (<a href="https:&#x2F;&#x2F;url.spec.whatwg.org&#x2F;#url-rendering-simplification" rel="nofollow">https:&#x2F;&#x2F;url.spec.whatwg.org&#x2F;#url-rendering-simplification</a>). The URL spec documents that browsers may simplify the URL by omitting irrelevant subdomains and schemes in security-sensitive surfaces like the omnibox.<p>Google is trying to make this obfuscation a standard.

Industry wants you to open apps and click buttons and links, and not worry about such things as bothering with what the URL may be, or gasp, even typing in or editing your own URL. That&#x27;s too complicated and dangerous for &#x27;normal&#x27; users apparently according to them.

On Chrome for Android, the URL is not editable unless you press an edit button, which displays a text box. I imagine this is another step in that direction, and if you click &quot;edit&quot;, the text box still shows the whole thing.<p>Compare with how email headers work in gmail. You don&#x27;t see email addresses anymore by default, but there&#x27;s a dropdown that shows them.

Just use Firefox! And then install Firefox on your friends&#x27; and family&#x27;s computers too, and set it as the default for them. Spread the word...

Didn&#x27;t we already go through this last year?<p><a href="https:&#x2F;&#x2F;www.zdnet.com&#x2F;article&#x2F;chrome-69-kills-off-www-in-urls-heres-why-googles-move-has-made-people-angry&#x2F;" rel="nofollow">https:&#x2F;&#x2F;www.zdnet.com&#x2F;article&#x2F;chrome-69-kills-off-www-in-url...</a>

On the chrome:&#x2F;&#x2F;flags page, these prefs are found under<p>#omnibox-ui-hide-steady-state-url-scheme &#x2F; #omnibox-ui-hide-steady-state-url-trivial-subdomains &#x2F; #omnibox-ui-hide-steady-state-url-path-query-and-ref &#x2F; #omnibox-ui-one-click-unelide

The omnibox never seemed like a crowded part of the interface, did they do any kind of user testing where they found people were confused or annoyed by this &#x27;<a href="https:&#x2F;&#x2F;www&#x27;" rel="nofollow">https:&#x2F;&#x2F;www&#x27;</a> prefix? Or is this just one team&#x27;s sense of aesthetic ?

Safari has been hiding protocol and path for years. I don&#x27;t care for it, but I also don&#x27;t think its a conspiracy to destroy the web as we know it.

It increasingly grates on me that Google seem to want to ruin the internet using their browser monopoly in service of their ad revenue.

Chrome is getting more and more user hostile. At the moment you can&#x27;t inspect a site&#x27;s certificate without going into developer tools.<p>Terrible decisions, the developers should be ashamed.

Hiding the scheme is a dangerous path, because users then have to depend on browser specific indicators of https, or other secure schemes.<p>I think it&#x27;s a bad idea for that reason, and for another higher level reason. As a developer and sys admin before that I&#x27;ve always tried to assume my users are smart people and try to educate them about what they might not know, instead of assuming they are dumb and attempting to PICNIC-proof software&#x2F;systems. I think hiding the scheme indicates an assumption that users are dumb and need to be told what to do. I&#x27;ve seen reporting on other indicators of this from Google over the last decade (e.g., Google Reader&#x27;s sunset, Google+, working with China&#x27;s censors, and others).<p>FYI, PICNIC = Problem In Chair Not In Computer

Why must we continue to insist on dumbing down our presentation of technology. Instead we must insist that users rise to the occasion.<p>We are all inextricably linked to technology and yet I wonder if the newest users even know what a file extension is; because we hide that by default for some reason now. How many people have been the victims of phishing because an alias is more prominently displayed than the actual domain which the email originated from?<p>I&#x27;m ready for a return to function over form. Do not hide information from me. If I suspect that your product development is driven by the lowest common denominator then I will look for alternatives.<p>http and https are distinct and as such cannot be hidden; you could replace them with icons (barf) or ports (unlikely).<p>www.site.com is a subdomain and is again distinct from site.com with the &#x27;www.&#x27; omitted. Just because they tend to resolve to the same server does not mean that they must.<p>Let&#x27;s just call PI 3 because those decimals are an eyesore.

About 15 years ago we, the techies, killed the IE6 super monopoly (they basically had 100% browser market share). We installed firefox on any device we could get our hands on.<p>Guess it is that time again.

Gotta say I&#x27;m not a fan of browser hiding information from the user

Sigh. Many new comers to web development learn by observing, this will take that away. Www and https handling requires explicit configuration. Unless the intent is to not let people type in www or http, but what happens when they do and it’s not handled correctly?

I&#x27;ll play devils advocate. I&#x27;m fine with this being default assuming there&#x27;s an option for advanced users to disable it. 95% of Chrome users will not notice or care about this change, and in fact will make things simpler for them in the long run.<p>Also, seriously people, ditch www. subdomains already. It&#x27;s not 2002 anymore. I cringe so hard when I see that crap in print ads and billboards.

Hiding &quot;www&quot; subdomain looks like an ugly workaround for missing support for DNS SRV records in HTTP&#x2F;browsers.

URLs are one of the few things the modern web has retained that has allowed it to be truly interoperable across different devices, platforms, and walled gardens. If we loose the URL, we loose the web. I don&#x27;t like this at all.

A lot of the comments here are about Google&#x27;s motivations for doing this, and it seems the consensus is they want to hide URLs so that users don&#x27;t notice as Google swallows more of the internet.<p>A couple question for those with this point of view:<p>1) Do you think users notice when they are using AMP articles today, even though the URL has not been hidden yet?<p>2) Do you think it would actually matter if they did notice a Google-hosted URL? Would they boycott Google or change their behavior somehow?<p>3) Do you think Apple has the same motivations as Google? Safari has been hiding www, scheme, and path for a while now. Do you think they have any valid reason for having done this?<p>4) What do you say to Google&#x27;s stated reasons for making this change (simplicity and security)?

First HN discussion: <a href="https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=17927972" rel="nofollow">https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=17927972</a><p>They rolled this out 10 months ago but rolled it back after community backlash.

This hurts younger generations. They will become more and more oblivious to how things work. They will be forced to &quot;trust&quot; someone that knows better instead of having the knowledge to decide themselves.<p>For those that become engineers, it will take even longer to untrain all the handholding they&#x27;ve had to endure.<p>If the web is apparently so damn complicated maybe we should rebuild it to be &quot;simpler&quot; instead of hiding it how it works. I&#x27;d prefer to leave it exactly how it is until there is a clear reason to revisit the design.

Reads like folks at Chrome are just making work to have work because the senior leadership has no vision. Needs to be addressed before they burn through the goodwill they’ve built up.

This seems like a bad idea.

By all means, hide the truth from the users and flat-out lie to them. After all, what&#x27;s it of their concern which site they are browsing? The main thing is they see the ads.

Good reason to de-Google my existence. When an evil thing is actively trying to destroy the Web in a way even Microsoft didn&#x27;t, it&#x27;s time for that evil to get destroyed.

What a toxic, user-hostile idea.<p>The Chromium team desperately need new leadership.

It seems this change hasn&#x27;t rolled out on Chrome 76 on a Mac. I don&#x27;t see any change.<p>(I don&#x27;t have it on Android yet.)

Can we all start moving back to firefox yet?

hiding www. seems like a bad idea.

No. This is really god damn annoying and stupid. The protocol is not distracting and www is different from non www.

What a stupid idea.

yeah, whatever, it&#x27;s too late anyway.

again??

So instead of fixing their tab interface which is terrible if you have hundreds of tabs they rather choose to fix something that wasn&#x27;t broken in the first place, gj chrome team

This is unbelievably dumb.

So google wants to replace the URL in the URL bar with a URL which is semantically different. What could possibly go wrong?<p>Seriously. What kind of incompetent, lazy people are working at Google these days? Because clearly nobody gave this any real thought.

Remove protocol? Sure an arguement could be made that showing it is redundant giving the lock symbol appears when HTTPS is enabled. But removing sub domains like m. and www. isn&#x27;t really cool.<p>I already hate the fact that chrome on mobile totally removes the URL when you focus the navbar, sucks if you want to go to some other subreddit etc.

both changes are great.<p>www must go, it&#x27;s a remnant of the past, the sooner the better.<p>protocol is not a detail that should be ever exposed to the end user, at least not in text form. visual cues &quot;you&#x27;re safe&quot; or &quot;your connection isn&#x27;t secure&quot; are much more effective.

Google doing more evil again. Fuck everyone working for this company. The devils minions is what you are.