Chrome 69 kills off www in URLs: Here’s why Google’s move has made people angry
With the launch of Chrome 69 this week, Google promoted new features and a new look. It gave users months to prepare for Chrome dropping ‘Secure’ from HTTPS sites and adding ‘Not secure’ in red to HTTP sites from Chrome 70.
But for some reason Google decided against mentioning that as of Chrome 69 the world’s most popular browser will no longer show the www. or m. on websites in the address bar because they’re just a “trivial subdomain”. As a result, www.zdnet.com is now displayed as zdnet.com.
For now, users can force Chrome to display the full address by disabling the flag ‘Omnibox UI Hide Steady-State URL Scheme and Trivial Subdomains’ at chrome://flags/#omnibox-ui-hide-steady-state-url-scheme-and-subdomains.
The HTTPS is the ‘state-state URL scheme’ while Chrome now considers the www to be a “trivial subdomain” that the address bar would look better without.
You can still reveal the full URL in Chrome 69 by double-clicking the address in the address bar, and if you copy the simplified address and paste it elsewhere it will display the full address.
SEE: Cybersecurity in an IoT and mobile world (ZDNet special report) | Download the report as a PDF (TechRepublic)
Chrome 69’s treatment of www in the address bar is similar Apple’s Safari, but the change in Chrome has caused greater concern over Google’s motivations.
After it all, it went to great lengths to warn users about new ways it would communicate HTTP and HTTPS in the address bar, but stayed silent about dropping an equally important indicator that users expect to see.
In a bug report spotted by The Register, critics have pointed out several instances where two different sites will now look the same, potentially exposing users to phishing attacks.
For example, m.tumblr.com, which is not Tumblr’s site, is shown as tumblr.com, and it’s not immediately clear that http://www.pool.ntp.org and http://www.pool.ntp.org are two different sites. Also, in the case of a domain like ‘www.www.2ld.tld’, the www is hidden twice.
The issue has sparked a debate on Hacker News, where some argue that the change is part of Google’s long-term plan to hide its AMP subdomain and make it indistinguishable from the actual domain.
“And then suddenly the whole world funnels through AMP,” the commenter noted.
Just as Chrome 69 was released, Google told Wired that URLs are failing to convey a site’s identity, so they’re looking for something else that offers more convenience and greater security.
Nonetheless, the impression it’s given is that Google is trying to kill the URL and assert its dominance over the web.
Security expert Scott Helme reckon the change is good, at least from a phishing standpoint, since most users will understand a padlock better than https:// while removing the www means there’s less information to interpret.
Previous and related coverage
Google investigating issue with blurry fonts on new Chrome 69
Font rendering appears to have broken down when Google promoted Chrome 69 from the Beta to the Stable channel. Windows users affected.
Chrome 69 released with new UI and random password generator
Google revamps Chrome main user interface with new white rounded tabs, replacing classic gray angled tabs after a decade.
Google to remove “secure” indicator from HTTPS pages on Chrome
Users should expect the web to be safe by default, Google explained.
Windows 10 April 2018 Update battery test: Edge beats Chrome again, brags Microsoft
But the difference between Chrome and Edge has shrunk dramatically over the past two years.
Photos: 10 years of Google Chrome TechRepublic
Google Chrome turned 10 on September 2, 2018. Here’s a visual look back at the world’s most popular browser.
Chrome team wants better web addresses, not URL mumbo-jumbo CNET
Google’s newest web browser already starts trimming away bit of detail to make it easier for newbies to understand where they are on the web.
READ MORE HERE