In previous posts, including “Here’s How to Disable Google Chrome’s Confusing New URL Hiding Scheme” (https://lauren.vortex.com/2018/09/07/heres-how-to-disable-google-chromes-confusing-new-url-hiding-scheme), I’ve noted the serious security and other problems related to Google Chrome’s new policy of hiding parts of site URLs.
Google has now — sort of, temporarily — backed off on these changes.
In a post over on the Chromium blog, at:
they note that URL subdomain hiding (Google uses the term “elide” — how often do you see that one?) is being rolled back in Chrome M69, but the post also says that they plan to begin hiding — I mean “eliding” — www again in M70, but not “m” (no doubt because they realized what a potential mess that made over on Tumblr). They also say that they’ll initiate a discussion with standards bodies about this to reserve “www or m” as hidden subdomains.
The comments on that Chromium post appear to be virtually universally opposed to Google’s hiding any elements of URLs. At the very least, it’s obvious that Google should not begin such URL modifications again until after such a time (if ever) that standards bodies have acted in these regards, and I would argue that these bodies should not do so in the manner that Google is now pushing.
The www and m subdomains have been integral parts of the user experience on the Web for decades. Tampering with them now (especially www) makes no sense, and (along with the other action that Google took at the same time — hiding the crucial http:// and https:// prefixes that are key signals regarding communications security) just puts users in an even more vulnerable position, as I discussed in “Chrome Is Hiding URL Details — and It’s Confusing People Already!” (https://lauren.vortex.com/2018/07/10/chrome-is-hiding-url-details-and-its-confusing-people-already).
We can certainly have a vibrant discussion regarding additional signals that could help users to detect phishing and other URL-related attacks, but any and all changes to URL displays (including involving http, https, m, www, and so on) should only take place if and after there is broad community agreement that such changes are actually user positive.
Google should completely cease all of these URL changes, permanently, unless such criteria are met.