Last week, Google began testing a new change in Chrome Dev/Canary 85, that hides the full address of the current page, only showing the website domain (e.g. “google.com”) at all times. The move attracted a fair amount of backlash, and now, the company has revealed more details about its plans and how it will address criticism.
“We think this is an important problem area to explore because phishing and other forms of social engineering are still rampant on the web,” a Chromium developer on the bug tracker for the change said, “and much research shows that browsers’ current URL display patterns aren’t effective defenses. We’re implementing this simplified domain display experiment so that we can conduct qualitative and quantitative research to understand if it helps users identify malicious websites more accurately.”
The comment linked to a paper published last year that evaluated how people perceive the identities of websites, which found that “no [iterations of URL formats and HTTPS notices] significantly impacted users’ understanding of the security or identity of login pages.”
It was also confirmed that Google will keep the opt-out mechanism that is already present — an ‘Always show full URLs’ setting that appears when you right-click the address bar. “We plan to support this opt-out option indefinitely,” the same developer said.