We rely on URLs to tell us which websites we are browsing, but it can be difficult to spot when an address has been manipulated.
Maybe the "i" has been switched for a "1," or the "o" for a "0," and there's many more sophisticated methods scammers utilize to try and trick us into trusting malicious websites.
In response, Google is running an experiment and changing the way URLs are displayed to users in the Chrome browser.
(Image: Google) In a post on the Chromium Blog, Emily Stark, Eric Mill, and Shweta Panditrao from the Chrome Security team explain how a randomly chosen group of Chrome 86 users will start seeing URLs presented in a different way.
Rather than seeing the full address, Chrome will shorten it to show just the domain name by default.
Mousing over the address bar then expands the text to show the full URL.
The Chrome Security team explains that, "Our goal is to understand -- through real-world usage -- whether showing URLs this way helps users realize they’re visiting a malicious website, and protects them from phishing and social engineering attacks." If the feedback shows a noticeable improvement in users spotting malicious URLs, we should expect Google to introduce the simpler URL display as a standard feature of the browser.
However, if you don't like the idea it will be an option you can turn off in Chrome's settings.
If you find yourself part of the experimental group trying this out, Google would really appreciate your feedback on the feature.
If you want to try it, install Chrome Canary or Dev channel, open chrome://flags in Chrome 86, and enable these two or three flags before restarting Chrome:
#omnibox-ui-reveal-steady-state-url-path-query-and-ref-on-hover
#omnibox-ui-sometimes-elide-to-registrable-domain
Optionally, #omnibox-ui-hide-steady-state-url-path-query-and-ref-on-interaction to show the full URL on page load until you interact with the page.
We rely on URLs to tell us which websites we are browsing, but it can be difficult to spot when an address has been manipulated.
Maybe the "i" has been switched for a "1," or the "o" for a "0," and there's many more sophisticated methods scammers utilize to try and trick us into trusting malicious websites.
In response, Google is running an experiment and changing the way URLs are displayed to users in the Chrome browser.
(Image: Google) In a post on the Chromium Blog, Emily Stark, Eric Mill, and Shweta Panditrao from the Chrome Security team explain how a randomly chosen group of Chrome 86 users will start seeing URLs presented in a different way.
Rather than seeing the full address, Chrome will shorten it to show just the domain name by default.
Mousing over the address bar then expands the text to show the full URL.
The Chrome Security team explains that, "Our goal is to understand -- through real-world usage -- whether showing URLs this way helps users realize they’re visiting a malicious website, and protects them from phishing and social engineering attacks." If the feedback shows a noticeable improvement in users spotting malicious URLs, we should expect Google to introduce the simpler URL display as a standard feature of the browser.
However, if you don't like the idea it will be an option you can turn off in Chrome's settings.
If you find yourself part of the experimental group trying this out, Google would really appreciate your feedback on the feature.
If you want to try it, install Chrome Canary or Dev channel, open chrome://flags in Chrome 86, and enable these two or three flags before restarting Chrome:
#omnibox-ui-reveal-steady-state-url-path-query-and-ref-on-hover
#omnibox-ui-sometimes-elide-to-registrable-domain
Optionally, #omnibox-ui-hide-steady-state-url-path-query-and-ref-on-interaction to show the full URL on page load until you interact with the page.
