If you use Google Chrome, you might notice your address bar (or the ‘omnibox’ as Google calls it) looking a bit less busy than usual. That’s because the browser is chopping what Google calls ‘trivial subdomains’ off URLs, including ‘www’ and ‘https’ prefixes, and ‘m’ for mobile sites.
The update is rolling out right now with with Chrome 76 for desktop and mobile devices. Google claims that it will make Chrome more simple and accessible, showing only the part of the URL that the user types, but security-minded web users and developers aren’t so sure.
- The best browsers of 2019: a faster, safer way to get online
- Your ultimate guide to the best free password managers
- How to secure your accounts with Dashlane
Since the update, it’s necessary to click the URL twice on a desktop, or once on mobile to see whether a site uses the https protocol, signifying that the connection between your browser and the web server is encrypted.
Tell me more
Google tried truncating URLs with the release of Chrome 69 in September, but rolled back the change after user feedback was less than enthusiastic.
“Please do NOT mess with URLs,” said one frustrated developer. “Many developers use variations of the subdomain for development sites or differentiation of features and a/b testing. Not everyone’s DNS settings for www.domain.com and domain.com are the same server!”
“Hiding parts of the URL diminishes the user’s ability to trust that the information the browser is giving them is complete and accurate,” noted another Chrome user. “Nobody wants to think their computer is lying to them, but that is exactly how many users will see this.”
However, it seems the company has now decided the press ahead anyway. “The Chrome team values the simplicity, usability, and security of UI surfaces,” said Chrome security product manager Emily Schechter. “To make URLs easier to read and understand, and to remove distractions from the registrable domain, we will hide URL components that are irrelevant to most Chrome users.”
The latest Chrome update displays the words ‘not secure’ in the Omnibox if you visit a site that uses http rather than https, which should help web users know whether they can trust that the site they’re using is secure, but that will be little comfort to developers. It remains to be seen whether the negative reaction will be enough to push Google to roll back the change a second time.