Google: We will test hiding the full URL in Chrome 86 to combat phishing
Google will run a large-scale test on Chrome users in the next version of its browser to find out how people react to seeing only a site’s domain name instead of the full URL of that site’s pages.
The test will be performed on Chrome 86, which is scheduled for stable release at the end of this month.
Google’s new experiment will involve “randomly assigned” Chrome 86 users. These users will have two options when the full URL (Uniform Resource Locator) is hidden. Participants in the experiment would, for example, see only en.wikipedia.org rather than the full address of the specific Wikipedia page.
First, test users can hover over the shortened URL to view the full URL. The other option is to right-click the URL and choose “Always show full URLs” from the context menu. Chrome will then display the full URL on all sites visited afterwards.
The purpose of the experiment is to see if this approach helps people spot phishing URLs.
As Google points out, there are many ways for scammers and attackers to modify a URL to trick users into thinking they are opening a legitimate, genuine page.
Apple’s Safari already displays only the domain name by default and, like Chrome, no longer displays the HTTPS part of the URL.
“In Chrome 86, we’ll also be experimenting with how URLs are displayed in the address bar on desktop platforms. Our goal is to understand – through real-world usage – if displaying URLs in this manner helps users realize that they are visiting a malicious website and protects them against phishing and social engineering attacks,” says Chrome’s security team.
Chrome users can test out the approach Google is exploring in the Chrome Canary and Dev channels. Users will need to open chrome://flags in Chrome 86 and enable several flags before relaunching Chrome.
- Optionally, #omnibox-ui-hide-steady-state-url-path-query-and-ref-on-interaction to display the full URL on page load until you interact with the page.