Something I haven't seen anyone here bring up yet: many URLs are meaningless to humans past the domain. For an example, look at the top of this page. The only semantic meaning in the URL for this post is `news.ycombinator.com`. The rest, `item?id=24156986`, is meaningless to a human. (But, of course, meaningful to HN's backend.) A lot of (most?) of the URLs on the web are not semantic. They're naked application look-ups. I claim that for this current page, there's no meaningful loss of information by just showing the domain.
But some URLs are semantic. I think losing those would lose useful information for human readers. If we could perfectly know which URLs have useful semantic information for users and which don't, and then only present those with full semantic meaning, I wouldn't mind much.
Main point: I see people saying things like "these designers think people are too stupid to understand URLS." But that ignores that some URLs are not actually meaningful to anyone.
Anticipated responses:
1. You are losing information by taking off the "application lookup" part: the information that an application lookup was made. Fair enough. But I claim it's a small loss.
2. We can never perfectly separate out the URLs with useful semantic information. Which, also probably true. But I think we can do a decent job, and as long as the full URL is present when I mouse-over it, I probably wouldn't object.
The only thing you need to actually get to the question is https://stackoverflow.com/questions/53302536, but they intentionally add an extra human readable section for laypeople.
If google actually cared about making the internet a better place, they would simply rank human readable urls higher than non-human readable ones.
But this human readable section of the URL is primarily useful for reading outside the address bar, before you've loaded the page.
Eg. if someone pasted you the URL, you can kind of get an idea of what it's about by reading the URL in your instant messenger or something. Once you've loaded the page and the URL is displayed in your address bar, you'd be looking at the page itself to understand it rather than your address bar.
The URL structure is usually mirrored on the actual website by way of clickable breadcrumbs or as navigational information architecture.
People understand slashes indicate folders and directories, even though database-driven CMSes do not use folder structures. They can figure out that they can go one level from from "example.com/cars/toyota" by removing the "/toyota"
I don’t agree with the breadcrumb mirroring. It’s orthogonal. You can have breadcrumb or not and it wouldn’t matter to the user if it mirrors the url or not.
These are for SEO not for users navigating on the page. It wouldn’t be practical for the user to read information there as they are navigating the page anyway.
> many URLs are meaningless to humans past the domain.
I'd argue this confuses meaningful with degrees of legibility. And also that it ignores how certain significant margins of users do learn this stuff.
`item?id=24156986` is immediately meaningful at least at one level: you know at some level you're looking at a specific item resource under the domain news.ycombinator.com. Processing which one requires a lot more attention and you're probably not going to build up a mental directory of corresponding numbers with discussions, and so that particular meaning passes beyond the threshold of legibility, but that doesn't mean the number itself is meaningless, anyone who's made a habit of paying attention to URLs knows what it is, just not that final layer of correspondence.
And it is not just web developers who know this stuff. I've seen laypeople who are just longtime browser users who have a pretty good idea how URLs like these work, not because anyone formally taught them how paths and query strings are spec'd, but just because the affordance of the URL bar is there and they've seen enough URLs correlated with browsing behavior to learn it by observance/association. The same way most people pick up language itself.
The URL bar teaches some people who care to notice how URLs work, which makes URLs work better as a social tech. And it doesn't require anyone who doesn't care to do so.
We lose that if we remove it. It's not a small loss.
I don't agree at all that the URL is meaningless to humans. If I want my friend to read this page, I copy the link and send it to him. That ID above is clearly the comment page ID. I don't have to see the backend code to know that.
I'm certainly not an average user, but I am a human. The URL on nearly every site gives me all sorts of information.
i would be very surprised. in my days doing tech support, i quickly learned that this was a completely fruitless exercise as a huge number of people have no idea how to use the URL bar in their browser. they know how to use google, and can click links that are emailed to them or shortcuts in their browser, but simply do not know how to navigate to a URL (even a path-less one).
i could usually tell somebody "go to google" or "click this link", but "go to <my company's website>" was met with confusion.
As an example of semantic URLs, think of Wikipedia articles (ironically, featured in the article). The URL tells you directly what you're reading about. Why is it useful to show it in full? Because page titles are no longer visible during usual browsing sessions - they're shown in tab headers, which means in practice, you only get to see a favicon and maybe a word of the title if you're not a tab hoarder. So once you've scrolled halfway through a large article, the URL bar serves as the indicator of what you're actually reading.
The same applies to news sites, magazines, blogs, Reddit, social media sites - which is quite likely the majority of browsing done by normal people.
I think you've identified some meaningful next steps to try after highlighting that the origin is the most significant part of the URL. Maybe the omnibox space can show the page title?
The 24156986 is semantic though; the ids are assigned sequentially to submissions. Early submissions have tiny ids like 495. So they are at least as meaningful as bug tracker ID's or version numbers.
Now, it is true that version numbers etc. could be more meaningful. Jeff Atwood wrote an old article about the "infinite version" in Chrome, where the version number basically doesn't matter until you're checking to see if you're up-to-date. Personally I've switched to using dates / times in my ID's. HN could do that too; an ID like 2020-08-14-10-12-13-99 is longer than the current ID's but not by much. But overall it seems hard to draw a line in the sand where dates are semantic and version numbers aren't.
It isn't meaningless to all humans - we get screenshots sent in to our support team all the time, and even if the end user doesn't know what the URL means, the support team does. That quickly lets them recreate problems, find bad data, and give the devs enough information to reproduce bugs.
> If we could perfectly know which URLs have useful semantic information for users and which don't, and then only present those with full semantic meaning, I wouldn't mind much.
That's a very large if, IMO. We cannot do this, practically speaking.
Even in semantically meaningless URLs like the one in your example, there is still an important part of semantics retained and that is identity. By having the URL available you can at least compare two URLs and judge whether they are the same URL or not. Additionally, there is a 1-to-1 association between URL and content: for each unique URL, you get some unique content.
I agree there might be some UX improvement possible here, but faced with the looming threat of Google AMP, it's not a time to twiddle our thumbs and idly fantasize about this without a complete and robust plan on how this improvement might be done.
I also think that by hiding the URL we will make ordinary users even more ignorant about how the web works. It will truly appear like magic, since they will see identical strings in the URL bar yet they will be served different content. How does this even work? No one knows! Expect users that won't even know how to copy a link to someone.
Excellent point. But the information I want before going to a URL is different from the information I want while there. But if we could reliably separate the two, I don't think I would object to this kind of a UI change in principle.
this site is fine since these are submissions but its so satisfying when you can just edit parts of the url and go directly to the date and category you want
> For an example, look at the top of this page. The only semantic meaning in the URL for this post is `news.ycombinator.com`. The rest, `item?id=24156986`, is meaningless to a human.
I agree, but I'm going to say the unpopular thing: HN has problems and is an archaic design from the past, and this issue is due to the proliferation of changing the titles of posts (thereby breaking a vanity URL) or changing the URL that the story points at to some other website. Using a vanity URL doesn't work for how the owners run this website and its my belief that it's in the minority along with forum (phpBB e.g.) websites and does not represent the larger percentage of the internet using vanity URLs with human readable text strings in them.
While many URLs are not designed for human consumption, many are, and many users are "trained" to some degree to understand them. But most importantly, users need some visual (or auditory, if sight-impaired) cue as to what kind of site their on, what domain at the very least. That's why HN puts the domainname of the authority of any posted links next to the title.
Regarding URLs that are not designed for human consumption, if they can possibly land in the status bar, then that's on their designers. Yes, of course, that's exactly what malicious players will do: design URLs that users can't parse -- but that's no reason to hide the bar altogether, but rather to hide parts of the URL (e.g., the scheme, the credentials, maybe the fragment, the query, even the path -- everything but the authority).
But then again, you could argue, that URLs are meaningless to people. They are just some weird text and have neither face nor voice.
I am not sure what google tries to accomplish with those changes. Somehow it feels like some UX designer has made this his personal vendetta. Didn't they try it already some months ago and got pretty clear feedback?
If this is about phishing, who established the theory, that people who don't understand URLs, understand how phishing works and that even the slightest deviation in a domain is dangerous?
not only are some URLs meaningless, they can in some cases be intentionally misleading. by hiding the non-domain portion of the URL, google is showing the only actual authoritative information contained in the URL: what site is hosting the page.
The only real use the path has left on a URL is as a permalink sometimes and for non-computer people it's not clear at all when it is and isn't. I've been sent to many "did I forget to get anything" texts with a link to somesite.com/cart.
Not to laypeople. Most people have no idea what query params are, or even what part of the url the top level domain is. You can explain what they are easily, but it still wouldn't be useful to laypeople. What can my mom do with "item?id=24156986"? Outside of developing something that interfaces with HN, I don't know what I would do with that info either.
A layperson wouldn't know what the "7394" in "7394 Foobar Road" means or why "Foobar Road" is a road called "Foobar" but that does not mean we should give Google the right to eliminate street addresses.
A URL is an address. All your mom needs to know is that if she goes to https://news.ycombimator.com/item?id=24156986, she will end up at something and she will be able to come back to it later, that's what's useful about it. And besides, there are URLs that are semantically useful, such as reddit's "u/username" or "r/subreddit" schemes.
Of course, the URL is being assaulted from two other fronts, with websites turning into single page apps and with social networks constantly making it difficult to share URLs.
People type street addresses into forms all the time though. Of all the times people type in a web address, what percent of the time do you think they type in anything past the tld? 99% of all the times they enter something in the address bar that is longer than just the tld, it probably got there by them pasting it.
I think that's what it comes down to: if you're just copying and pasting the whole thing, there is no need to show the user all the garbage after the tld, it may as well be totally random characters to them. You can still copy and paste the whole thing.
I'm not sure whether I'm in favor of this change or not, but I can see there are at least some valid reasons to do it.
> 99% of all the times they enter something in the address bar that is longer than just the tld, it probably got there by them pasting it.
Then the existence of the URL is still justified by giving the user something to paste. So what if the user doesn't know what every single part of the URL means? They know that this URL gets them to this page and that URL gets them to that page. It's visible cause and effect. Get rid of it and we end up with "magic" where copying "news.ycombinator.com" on one page will produce a different outcome from copying "news.ycombinator.com" on a different page. This is how it works on iOS today and I think that eventually, users who only interact with iOS devices will not know what to make of that.
Weo hide all complexity from non-technical users then winder why they don't understand the complexity that's still there underneath. I don't believe that we should continue doing that. If the problem with URLs is the URLs being long and scary, let's make websites with better and more readable URLs.
The average person knows that a URL is a string that (for all intents and purposes) uniquely identifies a web page on the internet.
There are some cases, like with Facebook/Google/YouTube, where they add a bunch of tracking info onto the URL, obscuring which segments of the URL are optional vs. required.
But I think that's exactly the point, isn't it? To make it a lot less noticeable when you're being tracked. This change will enable a lot of URL funnybusiness that harms users.
I think the point is that outside of some big sites like Reddit with /r/ that over time the actual path has become completely meaningless and is just a site-specific chunk of data that sometimes happens to be a permalink useful to users but often is just a way for the site-operator to organize their stuff.
This whole thing is just a reflection of the trend that URLs just mean actual.user.path.domain.tld/server/route#client/route
Funny, I actually can't thing of anyone under the age of 30, lay or otherwise, who hasn't figured out that odd looking string in the URL bar is the name of the web page. They then rapidly figure out if they want to share that web page with a friend, all they need to do is send them that string. I don't know how they've learnt that, but I'm guessing seeing it they are the top of on every web page must be a bit of a give away. If that doesn't give it away, they first time they have to copy and paste a URL it probably dawns on them.
Shorter version: you say people don't notice patterns when they see the same thing over and over again. I've don't think I've met anyone under 30 who doesn't. And once they've noticed, they then exploit the patterns to their own advantage.
I'm not saying they don't understand that the domain name specifies a site, and the entire thing identifies a unique page on that site (usually), I'm saying how the latter works is virtually magic to them. They don't parse the contents or do anything with the pieces, it may as well be random letters and numbers after the tld.
My assertion is that the vast majority of people do two things with the address bar:
1. Manually type in a web site address, but nothing past the top level domain
2. Copy or paste the entire thing
I think what you're asserting is that people look at them, understand them, and then apply that knowledge somehow. I disagree with at least the last part, and probably the first two to a lesser degree.
What percent of laypeople do you think have manually altered a URL like your eBay example? I've done the same thing with Amazon product links myself, but I don't know anybody else who has. I just don't think it's very common at all.
How is Hacker News item 24156986 that different from say Harry Potter and the Goblet of Fire page 134? Even ordinary people can understand numbered things with info on.
Wow - top posts are conspiracy theories. "The only reason to do this..." "This is a security issue..."
Google has millions / billions of users. From a security standpoint the focus should be entirely on the root domain, that is the only really meaningful root of trust.
If you are talking about a security issue - the KEY security issue is ANY lack of clarity around root domain.
"Showing the full URL may detract from the parts of the URL that are more important to making a security decision on a webpage." is a statement they have around this change.
I think I agree - I suspect other browsers will have to copy chrome (again) in de-emphasizing the leading URL (often used for fishing).
Folks seem to miss the fact that google chrome was a minor competitor initially it IE - and their focus on things like ... security ... helped them become absolutely dominant. A fair number of enterprises have (finally) started slow slow switch to mandating chrome.
My first thought when reading this was relief... For my mother.
I've spent most of my adult life trying to teach my parents to look at the address bar to make sure they're on bankofamerica.com and not some random phishing domain. That kind of falls apart though when it's... bankofamerica.comm.phishingdom.com/{random filler}/bankofamerica/user/login
HN users are fantastic at thinking all technologies should revolve around their niche use case.
I wouldn't assert it without strong evidence. This URL comprehension problem is probably more complex than what people usually think. There are a number of studies about this issue, if you're interested.
I don't have a formal education in CS, but I really enjoy reading papers on programming (languages), architecture, data-engineering and web related things among others, especially when they have a practical focus/impact.
Is there a good way for me to find or rather discover resources like these?
Not sure about filtering for practical focus/impact but https://arxiv.org/ is an amazingly useful and informative repository of papers that you might like. Also google scholar is good, but more general.
> The root domain is highlighted in FF. This must be enough for visual testing.
I've been using Firefox for years and never realized this. Looking up at the top of my browser, I can see that "ycombinator.com" is highlighted and the rest of the URL is a darker grey. To me, this seems like a good compromise; you still get the full URL but the important parts stand out a bit more.
Exactly - also if you do any penetration testing of your staff side - the key to get something through is have the name of the company it seems anywhere in the URL. Literally - lkjljkdfskjfsd.com/bankofamerica/securelogin.do etc.
Part of the issue I've noticed is some sites actually do outsource things to other sites (microsoft has a lot of redirects on logins so you used to end up on passport.com I think to login, and then to something with azure, then office... etc). Combine this with subdomains and trailing urls and internationalization efforts and you are in trouble.
This must be just because of how we scan / read things? Ie, a quick cross check. A lot of people maybe don't parse all the elements properly (,.:?& etc).
The other issue - let's say just 2-5% of chrome users are confused. That still is a HUGE number that are confused.
> their focus on things like ... security ... helped them become absolutely dominant
I don't think Chrome's security features had anything to do with its ascension. Chrome took off because it was fast and had a good UI (iirc it had the ability to drag a tab from one window to another, a while before other browsers did).
The average user knows nothing of the security features of their browser.
Chrome took off because Google leveraged their position in another area (search engine) in order to push it. Exactly what people were concerned about with Microsoft and Windows/IE.
I think Microsoft at the time probably thought it's own engine was also better in many ways. It was in several regarding power efficiency and things like pen/pdf support.
Reason Chromium was chosen was more because they already had a bunch of developer experience with the engine.
That and more importantly it would cause Google to lose some control over Chrome and the web. Now Google can't exactly do further anti-competitor shenanigans like the whole shadowDOM fiasco and youtube. In this case adding random features to chrome, implementing them and causing other browsers to have a bad experience.
That and because edge is as fast as chrome (if not faster), there is less of an incentive to switch to chrome.
Oh and Microsoft is one of the few companies to be able to maintain a hostile fork of chrome and have it competitive. Largely because they have enough resources to match google for Chromium.
This is one of those cases where Microsoft can subtly claw back marketshare by playing the strength of chromium against Google. They wouldn't be able to do the same at all with Gecko/Firefox.
I think they were the first to have separate processes for tabs (?) which you could really see add robustness - when flash could blow up your session etc you could much more easily close out the offending tab.
They were stricter and more prompt in blocking things like activex controls, they'd remove features tabs would use to try to take control of your session or confuse you. All these enhanced security and usability.
There's no disagreement here. Chrome brought lots of good security enhancements, and raised the bar for other browsers, but security isn't the reason people made the switch.
Yes, Chrome was the first to do process-isolation. As for ActiveX, I believe that's generally only available through Internet Explorer (not Edge), I don't think Chrome ever supported it. [0]
The degree to which HN is obsessed with AMP is hilarious at times. You'd think every single one of the 100k engineers that work there do nothing but dream up ways to trick people into using AMP for some secret illuminati end goal.
If you don't like AMP, that's fine. If you don't like this UX change that's fine too (and I suspect will be easily fixed with an extension). But maybe consider for a moment that not every single UX change to a product with a billion users is part of the vast AMPiracy.
You say this as if those engineers (and it's not 100,000) are all voting in a democratic decision-making process on feature direction. It's a very small number of senior leaders who make these calls.
Remember, Sundar used to be in charge of the Google Toolbar. That was his claim to fame inside of Google before Chrome.
Nobody is claiming the following ridiculous statements:
> every single one of the 100k engineers that work there do nothing but dream up ways to trick people into using AMP for some secret illuminati end goal.
> every single UX change to a product with a billion users is part of the vast AMPiracy.
But Apple does blatantly MITM urls into their own proprietary walled garden! Just a few days ago there was a HN post about Safari On iOS 14 redirecting from certain articles to Apple News. It was, of course, quickly flagged away from the front page.
That the HN audience in aggregate has a hypocritically lower appetite and interest in Apple's web shenanigans, given that a moderator never identified anything actually wrong with the submission and given that Google would be crucified for a similar action in Chrome for Android.
i always thought it was kind of strange how apple somewhat gets a pass for still releasing it's browser according to basically the IE6 model and worse (since you can't even install competing engines)
People (at least some %) just trigger on see the company name in the bar - if I gave a pop quick to all your relatives do you think they could accruately manager to describe all the separators and what they mean? ?&/: etc?
They've wanted to remove the URL for AT LEAST 6 years - it's been a well known issue inside google that URL's dont' do a good job showing orgin info.
> Folks seem to miss the fact that google chrome was a minor competitor initially it IE - and their focus on things like ... security ... helped them become absolutely dominant.
Security is a very small factor, if a factor at all, for Chrome to have become dominant. The main reason is because they keep/kept pushing everyone to install Chrome when you visited https://google.com (by showing you a small popup window).
Microsoft had IE as the DEFAULT - and did plenty of pushing itself.
Across almost all dimensions chrome was better when it came out - people seem to forget how horrible browsers were historically (and how easily abused). I know ages ago of an entity that just got tired of dealing with the problems folks caused not using chrome (whether it was chrome's website blacklists or whatever - folks using chrome were less likely to get ransomeware - period). Literally - EVERY install of crap seemed to be coming from IE users, except one case I know of where someone had a chrome extension change hands and go rouge.
I don't really have any evidence (hopefully Google will be required to release that evidence in a monopoly probe) besides what I recall from advertising but security certainly doesn't seem to be the primary factor. Speed certainly brought in a lot of users, but by the time Firefox caught up, I am not sure what the market share was (at first there was a huge difference in performance, I don't think that today's difference in performance is comparable).
Domains are only a meaningful root of trust if they're tightly controlled by a small set of people. A piece of content being on 'news.ycombinator.com' or 'github.com' literally tells me nothing about how trustworthy it is. In the case of yc, i have to look at the poster, and the actual content, and the replies to it. For github, I have to look at things like who posted the code and which repository it's in - both things that are displayed in the URL, oddly enough...
Google's URLs are of course long strings of useless hex/base64 garbage, so it's natural that they want to hide them.
100% false. If you login to news.ycombinator.com it's unlikely you are logging into a fishing site for ycombinator. If you login to github.com - again, very unlikely github is running a phishing scam on you.
Google has not only become dominant because their product is good.
First and foremost, they leveraged their market power through android and their search engine to get people to use chrome.
As another said -- chrome was dominant before Android was a player.
Firefox blew a hole in the IE wall. Then chrome came along and was more acid compliant, leaner (Ux/ui), faster, and it's approach of per-tab processes was superior to a lock-up prone Firefox, or IE.
The other biggest factor IMO Chrome greatly focusing on developer tools --> eventually stealing away firebug dev, and in turn taking the throne as the developer browser of choice.
Chrome was already very popular by the time it became any good (compared to Firefox).
But even sooner than they investing in dev-tools, they made a killing from tab isolation right at a time when Firefox had most of its stability problems.
So the theory is that this is part of Google's evil plan to make it impossible to tell the difference between an AMP page and the real page because the next step is to remove the URL bar.
Given that this change makes it plainly obvious what domain you're on... Now tell tell me if this is a genuine concern or a conspiracy theory.
The title is misleading and people don't read the article.
Chrome is not hiding the bar address, it is only showing the domain in normal times, and showing the full url when you hover the bar
Personally I find it better for non technical people, because they can focus on the domain only. For tech people you have the option to keep the full url visible at all time, which fixes the issue.
As for people complaining about AMP, this is something different, which has nothing to do with displaying only the domain, but instead "showing the real domain when you are on a google AMP page"
> Personally I find it better for non technical people, because they can focus on the domain only. For tech people you have the option to keep the full url visible at all time, which fixes the issue.
I think a large part of my repulsion to this change is mostly because Chrome has a history of removing options constantly. A weird default with a setting to get to more expected behaviour is fine, but I have no faith in them to not remove the full url visible at all time option at this point.
Sounds about right... I am still cheesed that they're treating the address bar like where you search. For me, if the address bar does happen to go away, so does chrome.
I already have the "Always show full URLs", so you know what I prefer, but isn't this the same or similar to Safari's default behavior for a while? I don't hear anyone still complaining about that.
They're just trying to prevent phishing. Remember when the DNC was hacked?
Employees at the DNC were linked to sites that looked exactly like the Google sign-in page, except that the URL was "myaccount.google.com-securitysettingpage.tk".
From interviews, it seems like there's two features Chrome developers are working on try to prevent these kinds of attacks. One is to hide the subdomain so that people can't make such tricky looking URLs. Another is feature to identify lookalike URLs and let users know about the anomaly.
(Disclaimer: Work at Google but not affiliated with our security team or with Chrome.)
Those URLs have to actually contain the name of the brand in the thing that is being registered with the domain registrar. Which is a _lot_ easier to find and proactively shut down than things in subdomains which may only be visible once a specific URL gets resolved (wildcards etc.).
If they hide the subdomain, then if users see google.com at the start of the URL it will actually be google.com. Tricky URLs like "myaccount.google.com-securitysettingpage.tk" would get displayed as "com-securitysettingpage.tk" instead.
I get emails from some banks with instructions to spot phishing. One of those is to look at the full URL in emails or on websites to know if it’s authentic or not.
For better or worse, the URL scheme is what we have to identify websites and pages. Hiding that on larger screens doesn’t make much sense. It also hinders learning for the next generation.
Actually, that's their argument for doing it. Most users don't understand the different bits of a URL, to know whether it's from the site they think it's from. See (huge) previous discussion from two months ago: https://news.ycombinator.com/item?id=23516088
Personally, for my own purposes, I think hiding any bit of the URL is incredibly inconvenient. Already hiding the www. is seriously annoying. I will switch this new behaviour off and hope they don't remove that option.
If that's really their justification, then I wish they would take the approach that Firefox does - show the full URL but have the domain name in white and the rest of the URL in a muted color. It provides the full information as well as highlighting the most important info for spotting a phishing scheme.
I didn't notice Firefox does this before your comment. On my screen the domain is black and the rest of it is gray. Maybe it's because I don't have any kind of night mode thing on. I'm sure the colors would be inverted with that enabled.
It is not just inconvenient, hiding or modifying URLs is a lie and is a security problem. Hiding part of the URL means that you don't really see what's going on, and that is the first step towards a security problem, not away from it.
All of the TLS handshake configurations are hidden from your UI. It is hard to see "what's going on". You aren't shown a cert signature each time you request a page. Yet the lock icon doesn't get hate.
The non-domain information in a URL is useless for making security decisions for virtually 100% of users. If anything, it has negative utility since you can make URLs nearly arbitrarily confusing as part of a phishing attack.
I don’t understand, the lock icon gives you exactly the information you could want from that though? It tells you immediately if the site you are on is HTTPS, you don’t have to hover or anything. And if you want even more details (which is not something anyone does while they browse the internet, FWIW) you can also get that information too. This change hides the information that people actually expect that UI to have–that’s why there’s an option to in-hide it!
What if I want more information? I want to know what TLS version both parties negotiated. I want to know who signed the cert and when it expires. Etc. etc.
The point is that "the UI should express everything a power user could ever want to know about some security-adjacent property" is not the status-quo and people should not act like it is. Dropping to just domains is like shifting from a big blob of text including a ton of request information to just the lock icon. It distills it to something that covers basically all the information you'd ever actually need and is comprehensible to typical users.
I mean, I was upset when Google moved the certificate details from just click on the lock to click on the lock and go into developer tools and do some other bs I've forgotten since I'm no longer working where I need to confirm certificates. However, I figured that the number of people checking certificates was very small, so trying to use our weight to change Google's mind was fruitless. Fighting against hiding the URL seems a lot more tractable --- although, I just took it as a sign that Google doesn't want me to use their browsers, so I stopped.
I agree. But I'm afraid Google's solution is going to be along the lines of showing a green mark for anything served from their own servers, with the subtle implication that anything else is less trustworthy.
I didn't know there is an option to change it back, thanks for pointing that out. I've found it really frustrating when trying to copy different parts of the URL.
Just fyi, the google chrome plugin "Suspicious Site Reporter" reverts the url back to how it always was, with http:// and www and everything else. It's very lightweight and you can just leave it on, don't have to report anything or do anything with it.
Hopefully it remains this way _forever_, even with these newer changes as well.
Embarrassingly I let checking the URL bar give me a false sense of security and got phished for the first time just a few days ago. They put a fake URL bar into the page and made it look like a proper OAuth2 URL. (My 2nd factor saved me from giving them access since it slowed me down enough to notice some subtle oddities, but I still had to change the password since that was already submitted)
The real protection against this is making it impossible for me to send credentials to the wrong party. Normally my password manager helps with that, but I had just switched managers a couple days before and it wasn't recognizing all sites properly (likely due to the lack of a database of known equivalent URLs). If the site was using WebAuthn, there wouldn't have been any issue because the imperfect URL checks by me and the password manager would not be necessary.
Remember folks, Apple has been doing this in Safari since 2014. And there's been zero uproar over it at all. I don't understand why people suddenly hate this just because it's Google.
For most users, total focus on the domain name is a security feature. For 99% of users, what comes after the domain name might as well be gibberish. I mean, it is a majority of the time.
The first time I used Safari and didn't see a full URL was the last time I used Safari. I didn't raise a fuss or take to twitter, I just stopped using it. I'm probably not alone.
In addition, Safari has a very small slice of browser usage in the overall scheme of things. I suspect the uproar would be just as vocal if their usage numbers were in the range of Chrome's.
Same here. Recently I though I'd try out Safari again. Started browsing reddit and kept forgetting what subreddit I was on. It was then I noticed something was wrong.
When the final version is implemented in a couple of years you will no longer see any URL, that way it won't be as evident that most sites on the web will be loaded from Google.
Google is also attacking this issue from a different perspective with Signed Exchanges [1][2], to fake the URL and ensure their success in becoming the gatekeepers of the internet.
If you refuse to become a content provider for Google's vision of the web, then they currently won't feature you at the top of search results in the Top Stories carousel, and perhaps demote you entirely from the first page in the future, depending on how their hijacking strategy works out.
Yeah the endgame would involve a play-store like 30% cut of any revenue, subscription, ads, anything. 30% cut from non-Google ad network revenue as well. At that point publishers won't have a choice any more because of the Chrome and Google search monopolies.
By that time it will be warranted to limit user freedom on the web to make security and privacy accessible for everyone, just like Apple does today on their devices. The scary open web and the meaning of a general purpose computing device will be easily forgotten.
I think the easier version of that is AMP gets favored and AMP only serves Google ads. I never really thought of that being the endgame, but it makes a lot of sense now that you say it.
I wonder how bookmarking and auto-complete work with signed exchanges. I don't think they could ever remove the URL completely because it conflicts with their extortion scheme for AdWords where they'll sell your trademarked words to the highest bidder.
What happens if Chrome shows no URL and Google sells the AdWord for your bank's name to a malicious actor? That's a huge liability can of worms IMO.
I'm not sure the signed exchanges are all bad either. I'd rather have visitors seeing example.com than example.google.com/amp/ or google.com/amp/example.com. Isn't it better for your brand to be in the URL and bookmarks / auto-complete to go to your domain (assuming it works like that)?
I'm not convinced the whole web identity push is 100% bad. I don't trust Google, but as a general concept I think there's some technical merit in the idea.
Lean websites are NOT featured in the Top Stories carousel, only AMP websites, so this is not primarily about page speed. If page speed would be the main reason for AMP, they'd simply continue to demote websites that have poor performance in search results, and they'd curtail the main bloat from sites in Chrome, ads and trackers.
But I agree that Google has used this talking point successfully so far to bully publishers into giving up autonomy on their websites in exchange for being featured in top results, even when these sites have a great score on PageSpeed Insights.
Google plans to change that as part of it's current focus on Core Web Vitals and non-AMP sites will be eligible to be in the Top Stories carousel if they're fast enough
AMP has done nothing for speeding up the web in general; in fact I know web properties that implemented AMP instead of focusing on core speed issues with their main site.
It's also notable that AMP projects almost always originate in an SEO strategy, not engineering.
Google was on the right track by including side speed as a signal in ranking. From Google's perspective, that became problematic because it started disproportionately punishing sites that run lots of ads... AKA some of Google's most important customers. AMP is a site speed initiative that is more compatible with Google's corporate strategy.
Yes. But AMP wouldn't have had much value if sites were fast enough, Google used that as an excuse or maybe a genuine strategy turned into a lock-in plan.
The hipster macbook pro webshit who doesn't know what O(n) means, and the jobsworth drone manager who couldn't see beyond quarterly profits don't have any rights to cry about AMP now. People like AMP pages as evident from many discussions, because they feel faster than the rest of the web.
Almost every AMP page I went to felt slower than when I went to the real page behind it.
I think a significant portion of that was that AMP wants everything rendered in a single paint. As opposed to the typical news site which shows the article for a while, then later hides it when the javascript had time to run. Seeing an article while the page finishes loading feels a lot faster than seeing a white screen until the page finishes loading, even if the content moving around on the first one is annoying.
Jake Archibald (a Googler) presents some decent points on this on the HTTP 203 podcast: https://youtu.be/0-wB1VY3Nrc
I still don't agree with the removal of URLs, but I do still recommend watching the entire video if you want to get more perspective on the issue (beyond just the conspiracy theories about AMP and control).
It’s certainly a conspiracy theory, and I’d call it unlikely, but I wouldn’t go so far as to call it ridiculous. Much worse things have been known to happen in business.
And for those of us who still compile ff from source and remove/add things as we please, we'll have to see people moan about something they always had and will continue to have control over, but long ago rationalized away seeking comfort in the chaining of their minds to things/ideas that are foremost in the best interest of others and not themselves.
If you have such complete control over your applications, why do you have to see anything you displease? Just add a filter to your Firefox that removes such complaints before they are displayed.
Well, I have to make a living catering to people (on mostly my terms and my time frame) complaining about things they have no intention of trying to do anything else about… seeing the complaints and lack of solutions adopted is a good sign for a captive market :P
I still haven't found a good answer why they do this. "Makes it harder to tell if the current site is legitimate" sounds like an excuse. If you are the perfect target for a phishing attack (= clicks on everything, enters passwords everywhere, has no clue about host names) then you also won't be able to understand what Chrome presents you in the address bar after obfuscation.
My best explanation so far is that the Chrome team doesn't know how to improve their browser anymore so they just make up work to keep the software engineers busy.
Trying hard not to sound like a conspiracy theorist. However, it's pretty obvious this benefits a walled garden strategy. With things like AMP, "rich snippets", etc, they keep eyeballs on Google owned properties longer. Slowly deprecating urls over time makes it less visually apparent.
AOL was able to sell "keywords" this way, because it wasn't always obvious to their users how to get to the real internet.
It's not a wacky far-out conspiracy theory to notice that Google is attempting to dominate the internet. It's a serious problem that we need to do something about before it's too late.
It is, however, a wacky far-out conspiracy theory to claim that Google is developing this feature for the purpose of internet domination.
The given purpose is phishing prevention, which is the same reason why this exact feature has been part of Safari for years yet no one pointed out that it was a nefarious attempt by Apple to takeover the web and further their walled garden.
Splitting up your plan into discrete parts that seem relatively inert on their own isn't a new thing. ANFO is a good example.
And it's pretty easy to do this in a way that front line and low level MGMT Googlers wouldn't know.
The AMP lead, for example, has posted here, and seems credible and very competent for his own intentions. I'm not convinced he's totally aware of the intentions of his leadership chain.
You're literally describing a conspiracy theory and dubiously speculating on malicious intentions. That's my point.
I'm saying that it's a wacky conspiracy theory that Google is hiding the non-domain parts of the URL to dominate the internet, and you come back with:
What if Google leadership was conspiring in such a secret, surreptitious way that middle management and possibly even the AMP lead doesn't know what's going on? What if this is just a small part of some grand plan?!
Is the treachery of domain-only URLs so deep that even Apple didn't realize they were carrying out pieces of Google's ultimate plan?
"looks" legit because it contains the string "microsoft.com" (and most "regular" users won't appreciate the different parts of a URL); under the new scheme, that would display only as "scamsite.com" and hopefully people are less likely to enter their microsoft username/password if "microsoft.com" doesn't appear anywhere in the address bar.
I'm not overly convinced of this personally, but I think that's the supposed idea behind it.
I think microsoft.scamsite.com would fool most of the people that scamsite.com/microsoft would. It's a very difficult problem. Can't we have something like certificates for domains, so we can at least trust the most potentially vulnerable cases?
If EV certificates were good they'd be great for showing alongside the URL, but they're both expensive for most (used to be $100/yr if you go for the cheapest vendor, now heavily discounted since the URL bar change made it lose value) and the legal entity verification doesn't work in a sense that company names aren't unique[0].
They (EV certificates) also don't do as much as you probably think they do. Or, I suppose, seen from a different angle, the actual dnsName matching does a lot more than you realise.
When you visit news.ycombinator.com obviously the browser confirms that the certificate presented is for news.ycombinator.com and not anything else. Because the machine does dnsName matches and machines are fast, it happens prior to every single transaction as necessary. In contrast EV information like company name can only be checked by a human, slowly, after a transaction already completed.
Suppose I hit this "reply" button to post this, but bad guys have just at that moment intercepted my network connection. The browser connects to news.ycombinator.com and... their certificate either isn't trustworthy or isn't for news.ycombinator.com and so this text is never sent to the bad guys at all.
But EV certificate details are only useful retrospectively. The browser can tell me after the fact that it posted the response to "Phishing Corp. Ha Ha Ha We've Got Your Data Now" but it doesn't actually know that's the wrong place so it won't abort the transaction.
For this and other reasons the entire EV design doesn't really "work" from a security point of view, and wasn't ever really intended to. It's a marketing idea, not a security idea.
Firefox's approach actually doesn't have this issue, it highlights only the actual domain. So for microsoft.scamsite.com, scamsite.com would be highlighted, and the rest in a darker gray.
One could hide the subdomain too (yes, I know there are cases where you have a different trust relationship depending on subdomain - but these are rare).
In my experience companies are pretty bad at always using their own domain even for legitimate things. I suspect it is because getting IT to do something like setting up a subdomain in any company I've worked in is virtually impossible, whereas buying a new domain is easy.
So I think most users wouldn't think something like `microsoft-it-support.com` would be suspicious.
This is a huge problem in government from what I've seen. In Canada, every province code has a longstanding two character .ca domain I think they all have a 'gov' 3rd level domain. For example, in Saskatchewan we have gov.sk.ca. However, instead of using that namespace, some departments go and register domains that look like phishing URLs. How about ehealthsask.ca for everyone in Saskatchewan to access digital health records instead of ehealth.gov.sk.ca? Yep, that's a thing.
It's pure idiocy. Instead of teaching the public that *.gov.sk.ca is a trustworthy, government run namespace everyone has their own domains and the general public is left to guess what's legitimate and what's phishing. Good luck with that.
Yeah, this is very annoying. It's not every company, but it's enough different companies to be a problem.
PayPal (a company that more or less constantly moans about phishing) operated www.paypal-special.com which is a tremendously phishy-looking name, but it was a real PayPal site until they shut it down.
One nice side effect of WebAuthn binding credentials to a dnsName is that you can't change domain names without trashing all the credentials. It's mechanically impossible. So when yet another marketing genius wants customers to go to some-daft-marketing-idea.example instead of your-actual-website.example they can put fluff on that site if they want, but any sign-in or other credentials stuff will need to happen on your-actual-website.example anyway.
From an advertising perspective if the cost to serve amp is less than ad revenue, this makes perfect sense. Every click on google goes to google, and you’ll like it too bc you won’t have a choice.
> “Makes it harder to tell if the current site is legitimate" sounds like an excuse.
Why? To me, having helped elderly relatives with computers a lot, it is very plausible. Phishing URLs use all sorts of subdomain and querystring tricks to fool users, and it can work.
IMO this is the real reason why they're pushing hard towards this:
However, it's also worth considering that making the web address less important, as this feature does, benefits Google as a company. Google's goal with Accelerated Mobile Pages (AMP) and similar technologies is to keep users on Google-hosted content as much as possible, and Chrome for Android already modifies the address bar on AMP pages to hide that the pages are hosted by Google.
We are going back to AOL days. That didn’t work out so well for AOL in the long run. It’s kind of crazy to me you can’t do marketing now without at least discussing Google and Facebook these days.
Edit: at least you knew you were the customer with AOL and paid them with clear terms for access.
The only difference is that Google has endlessly more clout and depth than AOL and my fear is that where AOL failed, Google may succeed.
With Firefox succumbing this week, this is pretty horrible.
I’m not a Richard Stallman type, but I think it’s come to the point where if you have even the slightest pretense of being a “free web” person, using Chrome or a Chromium-based browser has become unconscionable. This company is playing embrace extend extinguish to a T and they are nearing the end game.
I switched to Firefox this year and so can you! Just download it, install it, and then clear your Chrome history so it doesn’t feel like home anymore.
Firefox is really nice and I was surprised that I don’t miss Chrome at all (except for the developer tools color picker).
> I’m not a Richard Stallman type, but I think it’s come to the point where if you have even the slightest pretense of being a “free web” person, using Chrome or a Chromium-based browser has become unconscionable.
Thanks for phrasing it like this - I'm also not a Richard Stallman type but it's hard to disagree with this statement. Just downloaded Firefox and made the switch.
Clearing my history/sessions in Chrome was an important factor in adoption for me as well. It helps that when you start typing in that search bar, it doesn’t feel familiar. Took a few weeks but did eventually stop looking to Chrome. Now I just use it for testing/Android debugging.
I have this shell script as `chrome-new` in my path for testing in Chrome and the rare site that is broken in Firefox. It gives me a totally clean profile each time to minimize the amount of Google spying that goes on and reduce my tendency to use the browser for anything but the current task. Sadly despite --no-make-default-browser, it still asks me with an infobar every time I start it.
#!/bin/sh
test -e "$(which chromium)" && CHROME="chromium"
test -e "$(which google-chrome)" && CHROME="google-chrome"
test -e "$(which google-chrome-dev)" && CHROME="google-chrome-dev"
TMPDIR=`mktemp -d /dev/shm/chrome-XXXXX`
$CHROME --user-data-dir=$TMPDIR --no-first-run --no-make-default-browser "$@"
rm -rf $TMPDIR
AFAIK guest mode acts like incognito when it comes to storage behavior (changes stay in-memory and are not persisted to disk, and therefore available storage is noticeably lower than with a regular profile), so it will trigger incognito mode detection scripts on some times.
I've been using Firefox/Safari on my personal devices for a couple years now, but as a web developer I unfortunately can't not use Chrome at work because of its dev tools. I try to test on other browsers when I have time - I've always made a point to push for supporting at least Firefox, as an organization - but when I'm iterating I really just need the Chrome tools. Firefox's tools always remained one or two steps behind, and now that they fired their dev tools team I assume they won't even be doing that, soon.
The same goes for Google Search/DuckDuckGo. I use the latter on my personal devices, but when I'm tracking down a problem at work I just need the thing that's going to work the best.
I used to think they weren’t as good, but they are good. And I think I’m a pretty serious dev tools user.
BUT, if you want to keep using Chrome dev tools that doesn’t mean you can’t switch to FF. Just de-personalize Chrome (clear you history, sessions, settings etc) and then you’ll stop using it. Say you’re developing and open a new tab to search something on SO: you won’t be logged in on SO. Same goes with any site. So you’ll instantly realize you’re using Chrome to browse and hop over to FF instead.
Seems like a lot of work but it’s not. Maybe I drank the kool aid but I now feel naked browsing with Chrome and try to avoid it as much as possible. I think the important thing is to stop using Chrome for personal browsing.
I disagree about DDG :). For work-related searches I'm really satisfied with the results and I find answers quickly. I would even go as far as to say that it works better for me than Google's search.
I experienced it the other way around. When using DDG for personal use or results about local things I often tend to use the Google bang as Google has the better localized results.
I use Firefox as my daily drive, and I still don't get what's so special about Chrome's dev tools, I test on Chrome and open the dev tools but I prefer Firefox overall. It's a damn shame they fired the Dev Tools team however, that is not a visionary move on Mozilla's part.
Depending on your IDE, you can make it just open Chrome when you boot up web projects. That's what I do, but I do normal browsing on Firefox, it helps keep distractions away even. Leaving Chrome with only work related things.
Some of it may just be familiarity, but it always seems like there are little things that aren't all the way there. Some of the CSS property selectors aren't as rich, last I checked the profiling tools weren't as powerful, that kind of stuff. Things you could live without, but I feel a certain amount of responsibility when I'm on the clock to not hamper my productivity by using a tool that isn't the best one available.
> I unfortunately can't not use Chrome at work because of its dev tools
Why? I’m a full time developer at a Fortune 100 company and I have no issues just using the Firefox dev tools. I literally never use the Chrome dev tools. Though, this might soon change now that Mozilla has laid off the dev tool team.
Yes. For sure. Sadly I find myself g!-ing all the time but good to at least try them first. Sometimes I g! and go back, which always feels serendipitous.
That's exactly what any CEO or "Downsizing Consultant" would say. That may be an OK situation for a corporate company, but for a non-profit foundation like Mozilla, its unhealthy and rings some disaster bells.
I’ll add my voice to that, I’ve been using Firefox as primary dev browser for a couple of years now and it’s a perfectly cromulent choice. I don’t miss Chrome one iota, far from it; when firing up Chrome to investigate browser-specific issues it seems alien now.
My level of respect for origin was similarly the tie-breaker when choosing between Vue, Angular, and React.
Its the opposite. They are on a down slope to irrelevance.
All these moves just turns up the temperature of the innovation cauldron, speeding up the pace of whatever will replace them.
More clout and depth has nothing to do with longevity. See every Empire that has evaporated in History.
Google will fail faster than it took most empires too for 2 reasons
1. Things move much faster these days. The time between rise and fall keeps shrinking for large orgs struggling to cope with the furious pace of change.
2. Complexity of playing empire defense grows exponentially with scale. You can't find enough skilled people quick enough. You cant solve increasingly complex issues with just your cash hoard. You can't escape increasing internal politics that slows the speed of innovation within. You can't escape external actors mistrusting every small move made etc etc etc.
So they will keep making such moves. And there is a way to speed up their decline - Encourage them and praise them for whatever they come up with.
The problem is that there are simply no good free browsers that are not Chromium-based or Firefox. It doesn't seem viable or worthwhile to write a web rendering engine from the ground up. We're heading rapidly towards a Blink/Webkit monoculture.
Currently. Though Mozilla is giving no clear plans on continuing the projects importance. If anything it seems Mozilla is planning for an eventual sunset. Hoping to have revenue alternatives for when Firefox is irrelevant and they stop supporting it.
Firing a team building a meaningful advancement in Firefox's tech stack is a big signal, imo.
It's pretty good, albeit much less good since the old XPCOM extension support went away. (My position is that XPCOM compatibility could have been maintained in a multi-process world through better dynamic object proxying.) But as Mozilla's money dries up, so will Gecko, Servo, and a bunch of other fascinating projects. It's sad. But the web won't stop evolving, so we're going to end up a webkit-only world.
They became the villain when they started deliberately positioning the ads on their search results screen to trick people. Which I'm sure makes them lots and lots of money but is definitely evil.
Google is many different companies and products, and some of them I'm so grateful for. They provide a simple product that does something magically better than the competition, don't screw with the recipe. I give them my data because I like the service.
But the company-wide decision to manipulate the URL as a business strategy drains all my enthusiasm. The "U" is really important! The URL is basically a filename that you use to access the data store called the Internet. Don't take it away from me by the brute force of market dominance. I need to be sure of where I'm addressing my packets. Don't tamper with that essential construct.
I use both browsers, but without Firefox, I'd be lost in the wilderness. With its recent layoffs I'm worried about the web.
Is it really a company-wide strategy to manipulate the URL? The Chrome change was based on user studies that showed that people do not understand URLs.
The days of URLs as a data access key are gone. So many other things (cookies, etc) go into controlling what pages show that what was originally a 1:1 mapping between URL and content is now a many to many mapping. I'm not saying that's how it should be, but that's the web we live in now.
Doesn't matter if they understand it or not. It's the one and only barrier between you and malicious actors, or you and a monopolist. And oh look there's Google, attacking the one thing that protects the world from their ownership of the web.
People might not understand how a seat belt works, it's still there and we still use them.
It doesn't really make sense, though. The AOL thing was always things like "visit AOL keyword lord of the rings" at the end of trailers, and that would take you to the marketing site.
If Chrome wanted to do that, in the example gif the keyword wouldn't be just "en.wikipedia.org" for the URL article, it would be something like "wikipedia URL" that would bring you back to the page you're on through a google search.
It isn't that Google built a faithful recreation of AOL's mechanism. The claim is that Google is in a very similar ecosystem position with very similar incentives to attempt to Own All The Traffic.
I realize hindsight bias is at work, but I think I preferred Microsoft playing the Shitbag Monopolist role. They weren't passive aggressive about it, at least.
I'd say that it's just as common to hear "google Our Brand" as "www.brand.com" at the end of television adverts now. That's entirely anecdotal, but Google (or other search engines, but basically Google) has been for a long time the way to access sites.
I see people every day searching for a brand and clicking rather than appending ".com". It's more convenient. If Google can profit off laziness, they will.
I tend to search the brandname if I'm not sure about what the domain is. There's quite a few Dutch brands that are either on .nl or .com. Or their brand is already in use by another company, so they've got some extra text in theirs. Or their name has a & in it and they might use "n" "en" or "and" in their actual domain.
Google doesn't like you using the term "google <something>" because that opens the door towards a genericized trademark (like xerox or cellophane), but plenty of advertisers buy keywords or a phrase on Google and then use terms like "search for <keyword or phrase> to find out more" in their radio/TV/outdoor ads.
I'm not sure if it's entirely laziness. Unless given a URI through some other medium, you can't expect to find a business by simply appending .com, .org, .net. there are only so many viable names in this structure and collisions are inevitable.
At one time, there were less organizations online but now, almost every single business, large or small, has a web presence over viable domain name scarcity.
As such, discovery service online is a necessity. Google and other search engines fill that void. Now should they completely replace domains? Probably not, at least not yet, but some other addressing scheme needs to exist if we want to be less reliant on services like Google. Personally, I just use other search engines. If I'm not finding results I fall back to Google.
I dunno, AOL was extremely successful and people loved it. I'm not ashamed to say I liked it, having everything in the same window. Google could only hope to achieve that fluidity. Messaging, Email, and web all in one workspace.
AOL really only declined because of the rise in high speed internet, and their awful business model and practices.
The market also offered better services eventually and AOL simply couldn't keep up in every area. It slowly chipped away at their user base. Messaging was one of their killer features and apps like ICQ slowly ate them up while AOL tried to ride the same strategy of being everything to everyone into the future. I do agree it was a great experience for what it was, back in the day.
AOL had a particular mismanagement problem that Google doesn't have.
AOL didn't lack depth: they literally had email (@aol.com), social media (AIM), video-calling (Vonage), cloud filesharing (Xdrive) and so much more.
Ultimately, they failed because (1) they were overvalued to begin with and (2) had a bad innovation model (top-down) that led them to (a) over-commit to online ads and (b) under-commit to broadband.
Google is sustainable & mature, and it has a distributed innovation model that will avoid the particular mistakes of AOL.
Google is reacting to the Walled Garden trend, not driving it.
I meant to say that Google is well-positioned to take advantage of being a Walled Garden, and is doing so now because the model is being built out out elsewhere, both domestically (Apple, Amazon) and abroad (WeChat, Jio).
Instead of browsing via URL, companies could buy "AOL keywords". A user could just put in a keyword, like "dog food", and AOL would send them to a particular dog food page. In the days before good search engines, this was very convenient even though it was obviously pay-to-play.
When dial up Internet was a thing, AOL was the leader in that universe. It was basically one of the earliest walled gardens out there. They had their own chat, email, etc. You accessed it all through their desktop client. You never had to leave the AOL application to experience "the internet". They of course were still providing general Internet access, so you could still fire up Netscape [and earlier browsers] and cruise to whatever websites you wanted. The Internet eventually eclipsed what AOL could offer for most people and their premium price and sometimes dodgy Internet service eventually fell by the wayside to a more open Internet experience for most users.
Edit: AIM was a really popular messaging client for years after the fall of AOL as a premiere dial up Internet service.
To amplify that a bit, AOL started out as a pre-Internet online service, competing with the likes of Prodigy and Compuserve. It wasn't until 1993 ("Eternal September") that they opened up Internet access to their users.
Movie trailers often had them, sometimes long after AOL had declined in relative popularity. An example I mentioned in another comment was at the end of one of the lord of the rings trailers:
I have no idea how popular they ever were, but I'm sure there's a large segment of people that find it easier to remember and to type in "Lord of the Rings" into their computer than "www.lordoftherings.net".
It seems like we've reached that already. I've seen TV ads where they just say "Search for $KEYWORD" instead of a URL (admittedly that's more average-user friendly than making them input dots and slashes). Or posters that have [f]/someFacebookPageName or [i]/instagramUsername with the icons to indicate Facebook/Instagram.
The recent mobile Firefox is worse in every way that matters to me:
° Breaking recent add-ons (for the few add-ons that exist). I added a close-tab icon to compensate for the bad tab-ui. It's gone now.
° URL-bar hiding is wonkey. Some overlays disable hiding due to recent phising attacks. Now, for overlays, it is always present and hides the bottom of the page. This is very annoying when links are hidden behind the bar.
° URL bar (2): where have my bookmarks gone?
° URL bar (3): no more editing the URL if anything was *ever* searched in the current tab. Instead it edits the search. The URL is inaccessible.
° After 'Open in new tab' there is an annoying delay for 'Switch' again hiding links.
° Tab selection is just bad now. Preview is broken. If anything is displayed, it is often the image of two sites ago, even if the page has rendered.
° Tab selection (2) no more moving the tabs?
° Tab selection (3) why waste so much space? Using only 80% of the screen. And every tab wastes two lines and a half of useful space. Why is only the domain shown? Why not truncated or cut in the middle?
° Tab selection (4): newly opened tabs are hidden, you always have to scroll up as the current tab is always first, older tabs are lower.
° about:config is broken. Certificate error. Certificate error is broken too. Thus no disabling reader mode.
These are papercuts, every day, every time I use Firefox. /rant
With Blockada, you can block lots of stuff at the DNS level, so it's more tolerable. But it doesn't block everything, uBlock is smarter. Still I keep it running, it's especially great for all the other apps trying to talk to ad or analytics servers. (I'd actually like to combine Blockada and NoRoot Firewall though...)
I use an old phone (until Librem ships...) and I switch back and forth between Chrome Beta and Firefox... they each piss me off. Firefox is slow, I've tried the newer fenix system and it's not really better, plus it crashes a lot. Especially on sites like mobile twitter, probably in part because of the overhead of uBlock having to fix up the DOM; essentially the crash is a failure in handling a system out of memory error in a low level part of the graphics stack that mobile chrome had a long time ago too but managed to fix years ago. Recently chrome pissed me off more because when I tried to take a screenshot of a tweet with a funny google translation, chrome+android colluded to block it because of some issue like "the display contains protected DRM content." Firefox, no issue, apart from crashing 10 minutes later. At least I haven't lost my tabs to a Firefox crash (mobile or PC) for many, many years.
I tried. Tab switching was - for me - horrible compared to Chrome (chrome:swipe down, swipe address bar down, select tab you want from carousel).
I kept looking if i missed this obvious feature. I tried to live without it, but Firefox mobile's tab switching just turned out to be a deal breaker for me.
If anyone had some tips: please!! I'd vastly prefer using FF on mobile.
Tab switching on Firefox Nightly is much better as of a week or so ago. You can now swipe left and right on the address bar to go between tabs, just like in Chrome. It's particularly nice when the address bar is on the bottom.
On the other hand, I didn't have a problem with tapping the tab select button in the non-beta app, where it's in exactly the same position as it is in Chrome...
URL bar on the bottom sounds amazing :) I'm all in favor of moving all toolbars, search fields, any sort of interactive controls to the bottom on mobile interfaces. So much easier than having to reach to the top of the screen at random, even if it isn't always thumbable.
Good point, address bar on the bottom may not even be the default. I think it makes great sense though. Looking forward to the current Firefox Beat replacing the main Firefox app so I can free up a lot of space on my phone... :)
This is the problem with the whole industry right now.
How Google win - and they do it with many of their products - is that they bother to make their products just superior enough to the competition, that you basically have no choice but to use their product, unless you want a deliberately inferior experience.
It's not just Chrome vs. Firefox, which I'm very sad about. Another big example for me is on my iPhone. Google's GBoard is simply superior to anything else I've ever tried, and yet I know it's spying on absolutely everything I'm typing on the device (pre-encryption), at all times, and it even bullies me into staying online if I want the keyboard to work fully properly. (It's slower and the prediction stuff doesn't work half as well if I'm in flight mode for whatever reason.)
With Firefox axing the entire Servo team along with a bunch of other technical people, I am very afraid for its future in terms of technical development. Especially for the macOS version, that so far has always been the red-headed stepchild.
It’s got me in quite a pickle since the only alternative that is privacy friendly and cross platform (macOS, Linux, iOS, Android) is Brave, and Brave, despite good or at least decent intentions, has done some questionable things.
Considering their main revenue sources will likely be decimated, it makes sense to focus resources on the primary browser engine, and allow the open source community to build out the experimental features, moving temporary resources there as needed.
The thing with Open Source is that even if Mozilla Corp goes under, all of us can continue building out Firefox like a regular open source project. Or the Linux foundation could pick it up, etc.
That's literally how Firefox was created in the first place, as an open source continuation of the Netscape browser.
Using Firefox will lead to improvements that will persist even beyond Mozilla Corp. In the meanwhile, Mozilla Corp can be looked at as an experiment to commercially and profitably develop Firefox, which, if it fails, will require us to switch to the non commercial models that are driving several other open source projects.
I hear you, but simultaneously everyone (including me) has a certain limit to which they will be principled. If it happens like I mentioned, I will jump ship. On macOS, Firefox still guzzles battery compared to Chromium browsers. This seemed like a thing that, whilst not fixed, was actively being worked on. If I had to hazard a guess, that will slip heavily in priority now.
I don't think this is true at all. If anything, this change actually hurts AMP because now none of the original host url is visible at first.
I don't like browsers that do this, its the first thing I turn off in Safari, but how does Apple manage to get away hiding the full path under positive intent, but when Google does it its because they're evil?
I think it's pretty fair to say that the wider population of users aren't very good at determining which part of the URL is the authority, so any change to help with that can only be positive imho.
> I don't like browsers that do this, its the first thing I turn off in Safari, but how does Apple manage to get away hiding the full path under positive intent, but when Google does it its because they're evil?
I don’t like it either, but I assume the difference arises from the fact that Google would benefit from deemphasizing the URL and has done work already in faking it, while Apple probably does it because it looks clean and it thinks its users will be tricked by apple.com.help-virus-14682825821&824826.
To play the devil's advocate, Apple's Safari has been hiding full addresses for quite a while, without having any direct benefit as a company as far as I know.
To get what you're seeing, I had to turn on the option to see the full URL. Otherwise it just shows the domain. That was several years ago though, so maybe it's no the default anymore.
I get it though, most people really only care about the domain and in fact, trimming everything else makes the actual domain easier to spot when it's not the domain you wanted, such as in a phishing attempt.
More like 3% on the desktop. Mobile is not really relevant here. The URL bar on those devices is obviously shorter to begin with because of less display width. So just showing the hostname is not much different than showing the hostname + 5 characters.
It need not be malice. It maybe because the design people think people are too stupid to understand URLs.
As other comment mentioned, Safari does it too.
The trend seems to be abstracting away stuff like filesystem. Many people I know don't even organize stuff into folders on their phones. Everyone seems to dump everything in Download or something like that. The existence of separate applications for Music, Video and Photo content makes it irrelevant to some extent.
> It maybe because the design people think people are too stupid to understand URLs
You may be right, but it's hard to see why this would be a concern in 2020. The number of users who have actually grown up with URLs in their childhood increases all the time.
Anecdotally, it seems computer literacy is actually dropping over time. I taught an entry-level scripting course aimed at medical graduate students for several years, and each year the number of students who did not comprehend even the concept of files and folders was higher than the previous year.
I don't think dealing with files made people any more computer literate, nor is understanding the folder/file UI abstraction any more of a badge of tech literacy than understanding what "pull to refresh" might do on an iPhone.
We like to overdramatize the importance of computer literacy because we take it for granted that computers are our livelihood, not some principled quest of self-betterment to understand the world.
We're like a group of mechanics finishing each other's sentences over how everyone should know how a carburetor works, and then circlejerking over how we "failed the people" with the move to power steering. And don't even get us started on how push-button ignition set the public's car literacy back 100 years from the golden age of turning a key to really understand the inner workings of locomotion.
We failed by no longer giving anyone the ability or even the right to understand their tools. A computer is just a tool to get things done. It's perfectly reasonable that to a lot of people, it will remain this black box of magic they'll never understand. But now it's a black box to everyone, including non-technical people who cared enough to know more about their tools even if they weren't their primary interest.
It feels to me that tech will eventually hit a point where there's only two ways to interact with it. Either you're a "typical user" who has a glass orb you speak into and pray that it does what you ask without shattering to prevent tinkering, or you're a programmer who gets a command line and that's it.
Growing up with computers as a new thing that most adults didn't understand, the majority of people who understood them were children. I also thought that as computers were everywhere, children after me would all understand them, but that didn't happen.
With ubiquitous computing, the ratio of children who understand to children who don't is a little higher than when I grew up, but not that much. Clearly, some children grew up with me who were willing didn't get the skills because they had no access, but lots of kids are either need directed instruction to attain technical literacy, or are unwilling or incapable of attaining it.
Reason number 368 why I've moved everything to Safari + DuckDuckGo. I still can't believe they won the suit with Genius and being caught poaching their content for their own representation
Little changes over time, so you don't see the end game right away. Signed exchanges and further hacking up / hiding the URL will come. This change only hides some of the URL, with a hover action that shows it again.
I really don't get why people think that signed exchanges are this super nefarious plot to destroy the open web when it's exactly the thing that would make a distributed web possible.
Disconnecting content authorship and publishing with hosting so that literally anyone can host web content securely is fantastic!
* Want to bootstrap your IPFS network? You can safely and securely host a huge chunk of the web from big publishers on day 0.
* Want to compete with AMP? Now you can because AMP isn't special anymore!
* Are you a small ISP that wants to cache web pages close to your customers to reduce bandwidth usage?
* Archiving website has never been easier since they're already bundled and packed.
We've already reached the point where the content you're seeing and the server you're connecting to are completely disconnected. Signed exchanges just democratize the process instead of requiring every publisher to pick a CDN.
I don't think most of the people angry about signed exchanges necessarily want a distributed web (everyone hosts), they want the old decentralized model (many servers with different content). They want Google to stop telling them how to format their website, and they want Google to stop rehosting their website as a condition of search-engine access. That last one in particular isn't a centralization issue as much as it is a copyright concern. If people are angry about technology that makes it easier for Google to proxy their content, they sure as shit aren't going to want technology that lets randos do it too.
Not to mention, the decentralized web also means more privacy concerns. In the old model, the only entity that knows you downloaded a particular file is the server you talk to. With AMP, Google is now involved with that data flow. This is a third reason why people hate AMP, but it could be worse. Google is at least still a moderately trustworthy entity for a lot of people. However, what about Archive.org? What about Amazon, Facebook, ByteDance, or Brave Software? Each entity has far different trust implications compared to Google. You may trust them more or less. Just signing the web content only validates that the content itself hasn't been tampered with, not that the place you got it from is going to have your privacy interests in mind.
All of which can be done without AMP, hiding the url, or forcing companies to use it or lose their SEO placements.
It's the SUM of the pieces that point to Google's endgame, not the individual pieces themselves.
I have an idea.
Move forward with signed exchanges, and then prohibit them from being used to obscure the content source (more specifically, require the 3rd party to reveal themselves)
I mean I don't disagree with you that I should be able to look and see what entity actually served me the content in the same way I can see who signed the sites SSL cert but I'm still 100% in favor of having browsers present display the bundle's URL in the browser because that's the site your viewing.
A site that uses Cloudflare as a CDN isn't cloudflare.com/site/nyt.com. The whole point of these things is that if you have some vested interest in being a CDN for chunks of the web for your users you don't have to set up a partnership with them and proxy their site or have their certs you just download the bundle and go.
I detest AMP, but I'm very much looking forward to signed exchanges.
> I really don't get why people think that signed exchanges are this super nefarious plot to destroy the open web
My biggest concern is that the request will go to a google-owned server, where google can fully track me, and my browser would be lying to me about being on a non-google estate I might assume be free from Google’s tracking.
Site-owners will now also be forced to buy into Google Analytics since they have no requests in their own server-logs to analyse.
It’s a power-grab. And obviously google is doing this to increase their ability to do full internet-wide tracking.
> My biggest concern is that the request will go to a google-owned server, where google can fully track me.
I'm not exactly sure what the fear here is. You're only getting to the page by clicking a link in Google Search and then your browser fetches a bundle from Google's servers.
In your ideal world you would click a link in Google Search, telling Google what you're looking at, and then connect to the site via Cloudflare, and the source site's servers telling them too?
The flip side to these is that your browser can actually act as your agent with this. If you find yourself a nice privacy-respecting CDN then your browser can try to pull from there when you click any link and you now have way less exposure.
The difference is that Google likely has ulterior motives with this change, whereas in Safari, it's purely aesthetic.
Edit: I've just tried it in Chrome (enable [0] and [1] or [2]), and it's a disorienting user experience. As a matter of fact, I also just tried it in Safari, where I have similar complaints (but, again, it's easy to disable there).
I just confirmed that desktop Safari has exactly the behavior this post describes. If I visit any Wikipedia page, what I see in the URL bar is "[lock icon] en.wikipedia.org". The path is entirely removed.
> “Showing the full URL may detract from the parts of the URL that are more important to making a security decision on a webpage," Chromium software engineer Livvie Lin said in a design document earlier this year.
I’m a software engineer, too, but I would never make such an important UX decision because I know that is not my area of expertise.
I hope they’ve gotten significant user feedback on this before rolling it out.
I wonder if Livvie Lin and other Google engineers read such HN threads. What might be their internal discussions, I wonder.
How do they justify such design decisions? Are they asked by someone else to figure out how to make such wierd things happen as they just do as ordered?
It's Nanny State rationale at best, or cynical condescension -- I hate it, too. I switched from chrome back to firefox a year ago, with no loss of anything.
Vote with your choices (use a different browser). That's the only way to address such behaviour. Yes, I know the 95% out there who don't even know what a browser is but only know Chrome's icon gives access to the web won't understand any of this and they will continue giving mega-corporations a critical mass of unquestioning users to be used, but we have no other options.
We either express our voices, no matter if they're fringe (and hope it catches on) or we can just give up and not even write these articles any more.
> Yes, I know the 95% out there who don't even know what a browser is but only know Chrome's icon gives access to the web won't understand any of this
I find it fascinating how some people in tech bubbles think everyone else is a stupid sheep who can't possibly understand such incredibly complex concepts like what a "browser" is.
I've met very intelligent people who have zero understanding of computers: they have been trained to click certain icons to be able to reach google for a search. I'd be interested in data supporting either more or less fluency than we might expect - but you wont be able to do an online survey to get it :)
> I've met very intelligent people who have zero understanding of computers
I'm curious - how do you reconcile thinking they're very intelligent with thinking that they're utterly unable to grasp the basic concepts of computing?
And that, precisely, is my point: as an industry we'd rather tell ourselves that it's all so impossibly hard and beyond the grasp of the common person rather than admit that we just suck at explaining things and educating people outside our bubbles.
> I'm curious - how do you reconcile thinking they're very intelligent with thinking that they're utterly unable to grasp the basic concepts of computing?
Understanding computer systems requires both cultural and institutional knowledge. Not all intelligent people possess this knowledge. My grandpa is a great example. He’s a retired English professor and has deep knowledge of literature and the structure of English language. He’s still incredibly sharp but he cant use a computer to same his damn life.
> as an industry we'd rather tell ourselves that it's all so impossibly hard and beyond the grasp of the common person rather than admit that we just suck at explaining things and educating people outside our bubbles.
Using computers is very hard. I think you are underestimating the amount of time you and others have spent learning “basic” computer skills (email, word processing, web browsing, etc) that many haven’t had the time or opportunity build. I started learning how to use a computer when I was a little kid, maybe 5. over the course of my childhood I built up those skills to the point where they endemic and felt simple, even natural. These things take time and purpose and many very smart people do not get the opportunity or reason to build these skills
just because someone is good at one thing does not mean they are good at (or care to be good at) another thing. Can most people be educated on $BASIC_SUBJECT? For the most part, yes. Are they interested in doing so? In many cases, no.
Some examples off the top of my head:
A teacher I worked with who previously owned his own business literally thought the screen/monitor of a computer could watch him. Even after going over how computers work, he looked shifty at his computer. He was unconvinced.
A teacher I worked with could not, after multiple sessions of helping her, understand how to sort outlook mail.
A former boss (owned his own business, made great money, very smart) double clicked _everything_, even when single click would work. Was not interested in changing.
A doctor friend using his patient software - if anything went off script, he had to call in someone else to get him back to a known point.
A former math professor neighbor needed to regularly send out mailers. I helped him set up the most simple solution I could come up with for printing the mailing labels. "Here, open the internet, go to this site, log in, and click the save link. Open this other program, import that data. Load your printer and press print." He needed help. Every. Single. Time. While he said he understands that he pays AOL for internet, he said he does not know what that means (this was like 5 years ago, still using AOL?!). Tried to probe his knowledge and help fill gaps. Never happened. If his internet browser icon moved, he could not get on the internet.
I'm a reasonably smart guy. Don't ask me to fix your car. Or paint. I'll make a mess. Also, basic medical/biology goes in one ear and out the other.
My best friend (granted this was back in high school) could not spell "girl" (literally, "hey, how do you spell girl? Uh, girle?") or solve two step algebra equations. But he could rebuild an engine and identify the type of aircraft flying overhead by the sound the engine made. Mechanical genius. Fast forward a few years, and he found out he really likes geology. Suddenly, he is able to write coherent essays and solve advanced chemistry equations. Amazing what _interest_ in something can do.
Any reasonably intelligent person can be taught a lot as long as they are interested. Many people are just not interested in learning new things, especially when it comes to computers.
Now, on the complete flip side, a service clerk I was talking to two days ago likes to scan in 3d wood models, clean them up in vector based image software, move the files to autocad, and use a laser cutter to make the same models out of metal, and uses an older version of Premier to edit drone footage he captures. My mom figured out on her own how to spoof her user agent to access media that was not supposed to be available to her - but still thinks I hacked her phone via an old computer tower of hers that I was unable to fix.
I spent 6 months tutoring senior citizens on how to use computers (specifically it was word processing).
Believe me... some of the gaps in knowledge are alot wider than you'd imagine. None of them even knew what I meant when I mentioned the "URL bar". These are people who had previously used the web to search, pay bills, etc. To them, "the internet" was the entire computer, and had no concept that the browser was a distinct entity within it.
You're 100% right this is teachable but it is important not to understate the size of the canyon.
More or less this is true. I encountered even web devs who thought it was unimaginable to change browser. Because extensions, because differences in css and so on.
IE8 PTSD.
For common user largest tragedy is lost of opened tabs. I seen this over and over again. So many people think there's no such thing like bookmarks and they keep their tabs open until OS crush or something.
Depends. I have seen a lot of people who don't understand such things. And I have seen teachers who think using a different editor to write a program might affect output.
> I have seen teachers who think using a different editor to write a program might affect output.
Isn't this fairly common for Notepad for windows though? Weirdness and unexpected output due to ansi encoding rather than utf-8 IIRC - it may be fixed now, but i vaguely remember something about this
> Vote with your choices (use a different browser).
You almost don't even have to. Microsoft's Edge is basically a rebranded Chrome with all of the Google stuff stripped out. You can keep using the same extensions, etc.
This is why we should jump over to Firefox. Today! And by us I mean we who know that this is a bad idea. Mozilla is suffering and this is our last chance to not let Google and chrome have total dominance over the web. Mozilla copies Chrome a lot, but they need more market share to be able to get a say here and take the point of us power users.
I have been using and contributed to Firefox for years, and it is a great browser!
Come on, we know better! Use Firefox or watch Google destroy the open web. It's up to us!
Mozilla has flaws, yes, but this is important! That technical users continue to use Chrome is beyond me.
Google renewed their deal [1] and Mozilla is still going to get 400-450mil per year until 2023 at least. Yet they gutted firefox servo, devtools and MDN teams.
Using Firefox from now on is just feeding the troll called Mozilla management. We need to seek another open source privacy oriented browser or have a serious foundation like Apache fork Firefox.
URLs are supposed to be human-readable because they're intended to signal to users what the content is about.
What is not human-readable, although fully semantic, is all the parameter trash that comes after full URL. Stuff like "utm_source='twitter'&utm_medium='social_share" or cookie information and the like.
I can understand trimming that information, but hiding the URL to show the domain only makes no sense.
Those are two examples where the URL is canonical and shouldn't be shortened.
There are probably many, many more. Very often the only place you can find the date of a news story is in the URL due to them using some version of Wordpress but not putting the date in the article past a certain age (F YOU, Guardian).
Google has clearly thought this through and decided that whatever they're getting out of this is FAR MORE IMPORTANT than the best interests of their users.
Then you've not used many AMP sites - many do not function properly and try to 'stream' the content as you scroll leading to a garbage experience and missing content.
Maybe we tend to go to different websites, but I don't know how you can make that initial statement. I use my phone to browse the internet a fair amount.
I understood the "Why do you need OSes" as "Why would you use Windows when you can use ChromeOS, since the only thing you'll ever need to open is Chrome"
And all of these opinions are obviously not held by the poster but are rather what the poster believes Google wants.
If it is sarcasm, it’s not great. These exact points are commonly made by people who clearly take them seriously. These people are obnoxious enough, there’s no need to reproduce their talking points.
My experience is that as much as some geeks love to go on about web apps, real people still do more than browse the web on their computers.
Now you know about web. Many (all?) people here (reading this shit) know. If you hear about what they are into, they are trying to get ''the next billion'' people into Their hands. Most of this ''next billion'' people don't have the time and/or courage to learn anything. They want to get their job done. (They will learn if they're forced to.)
What these big companies are trying to do is very clear. They don't want these fools to know much about web. If these people suddenly starts learning about how web works, that'd be a disaster (for Them).
Now, the address bar is just a distraction to them, nothing else. Now, if Google is removing them, let them. If the address bar is hidden, then there's less clutter. So, they'll think that it's better. (You and me know that isn't any better for us. I'd be really angry if they completely remove it.)
> Why are you referring to those big companies as 'Them'?
"The next billion" was a codename for "gaining access to Chinese markets", not "fooling tech-illiterate people into becoming Google loyalists".
The reason why the address bar is being tweaked in this manner isn't to hide the Internet from Internet users, it's to hide insecure parts of the URL. Only the domain name portion of a URL is actually secured by anything, and only the part closest to the right of the domain. Most people don't know or care that they need to run a set of regular expressions in their head and consult with a list of public suffixes to validate if a website is legitimate. They're just told, "Look for microsoft.com in the URL", and then they see http://123.45.67.89/~spam/microsoft.com/techsupport and think "Well, it says Microsoft, that means it's Microsoft".
It's not so much that Google doesn't want people knowing about the web, it's that people already don't know much about the web. It's not the people's job to know all of the relevant technical standards when they just want to know if a security alert in their e-mail is an actual thing they have to worry about or a phishing scam.
google is not attacking the url bar, it's attacking dns, just like aol and verisign (and others) before it. google wants to replace the decentralized dns system with a centralized google lookup service, powered by their principle competitive advantage, search. google wants to control the internet itself.
they're banking on the idea that the average user wants to type (or speak) "macdonalds" and end up engaging with mcdonald's in some form. google wants to be the gatekeepers of the whole internet, not just the browser. the browser is small peanuts in comparison.
the simple narrative of this title/story is the kind of distraction we need to see right through with large organizations everywhere, whether it be a corporation, a government, or anything else. we the people must keep these entities in check so that they serve the greater good for all of us, not just the narrow and corrupt.
"Always show full URLs" is such a breath of fresh air. It eliminates all the URL butchering (e.g. inconsistent hiding of http/https) that Chrome had been doing for more than a decade.
Though I'm not seeing the option by default on a fresh install of Chrome 86; hopefully that's just a rollout glitch.
The average user sees http://123.45.67.89/~sk/microsoft.com/techsupport as a legitimate Microsoft website. That's what this change is intended to fix: users that see a domain in any part of the URL as being valid. They want to change it to only show the part that's actually security relevant. If you tell the average user "Look for Microsoft in the URL", and they find it in the path, they're going to fall for a phishing scam.
Protocol hiding was recently fixed, via the "Always show full URLs" option. The default is still an inconsistent mess, but checking this option makes the URL bar so much better than it's been in years.
There are a lot of comments about hiding the URL "because the user doesn't understand" -- has there been any research into user education directly in the address bar?
Like, fresh install page points @ google.com. Why not A little browser popup highlighting the parts of the URL and explaining it, with a link + tutorial on how to understand parts of the URL?
Rather than dumbing the interface down, why not inform users so they can use these platforms more effectively?
If you like chromium ecosystem, I suggest trying the Vivaldi browser. https://vivaldi.com
It won me over with
(1) the ability to split the window into multiple tabs
(2) ability to turn any webpage into a side-bar "applet-thingy" -- great for having whatsapp, todoist, always on the side while you switch tabs.
It also has plenty of other features aimed at power-users.
Can confirm. Vivaldi is absolutely fantastic for the reasons you named, plus its ability to use all common Chrome extensions such as uBlock Origin, uMatrix, Dark Reader, etc.
It's a problematic change, but is actually more usable. Now as a developer, I don't have to worry about changing the URL too much, in order to enable deep linking and the back button. I also don't have to worry about the unsightly but useful query parameters on a search page. This should become the new standard.
It's not like the mailboxes that the USPS is removing, ostensibly in response to declining mail volume. The mail boxes weren't in the way. They were built according to the city codes. Removing them before an election is all downside, and no upside.
The path and query params in the URL are in the way. If you're making a page that's a list of data that gets filtered, each time you change one of the filters, and call replaceState when it changes, it would change the URL bar. That's visual noise.
I used to be against this, because I'm against Google's overall agenda with the web. I thought about it and couldn't deny the usefulness of being consistent across mobile and desktop, and letting the URL change as frequently as is useful from the developer perspective.
> I don't have to worry about changing the URL too much, in order to enable deep linking and the back button. I also don't have to worry about the unsightly but useful query parameters on a search page. This should become the new standard.
I've been a web developer for both small and large companies for over 20 years and can assure you I have never worried about such things.
I’ve wondered why we continue to display URLs as painfully-long single lines of text. Tradition? Why is this helpful anymore? (e.g. On an iPhone it’s not easy to edit the end of a URL.)
If it’s so damn hard to display full URLs on one line, let’s display them on several lines (at least after tapping on them), broken on dots to wrap. Spaces aren’t valid in URLs anyway.
I've thought about this as well. Tapping the URL bar on an iPhone should open a multi-line wrapping text block that doesn't require painful horizontal scrolling.
If URLs get hidden in such a way, developers are going to stop caring about them. This is going to result in experiences like we get with apps like Facebook, which doesn’t have any conceivable way to get back to certain content. Think single page apps that never have any URL changes.
Of course the brass at Google is incredibly short sighted and clumsy in their approach. All the good people at Google are gone and we’re left with the dredges and it’s starting to show.
One of my favorite macOS/iOS features is URLs. Most good native apps-- Things, Drafts, DEVONThink, etc.-- support URLs. URLs such as `things://` and `drafts://`. Some accept POST as well as GET.
There's even a specification of an iOS/macOS protocol very reminiscent of webhooks. http://x-callback-url.com/
I wonder to what degree Google becoming increasingly a Walled Garden provides an opportunity for a new type of search engine. Instead of having to grapple with the breadth of services on the Internet, it grapples with the depth of each Walled Garden - Apple, Google, WeChat, etc.
I simply can't imagine that any one platform, however large, can truly grapple with the full range of use cases for the consumer internet.
If the domains were written from left to right / highest to lower level (example: com.ycombinator.news/... or com/ycombinator/news/...), this (particular) phishing problem would go away and there would be no reason to do this.
Out of ignorance, any proposals were made to change the order of (writing) domains levels? Or to create an alternative one (if that is even possible)?
Omg. I believe safari does that and I freaking hate it. I see how it makes every website act like an app, but these have real user values: you wouldn’t design a folder explorer by hiding where you are in the tree. Oh wait, actually that’s what macOS does already...
On the other hand, this is the default behavior on mobile browsers and it doesn’t seem to disturb anyone.
I often modify URLs when sharing with friends - stripping utm and other parameters especially when sharing amazon links
My search terms are not relevant to sharing a product ASIN
It seems that Google may view the web browser as an engine that is trying to reinvent native desktop apps. What’s old is new again just with some fancy words and a new generation
I prefer what Firefox. Just keep the domain name black/highlighted and the rest of URL gray.
But, for average user this might be more effective to detect phishing attacks since they never check full URL anyway. (Unless when a website does something stupid with query string parameters)
I was just thinking about this the other day: at the same time, they keep adding weird, inscrutable nonsense at the end of every Google Search URL, so what's the point of hiding the protocols and www and whatnot?
Naaa. They are making up space for ads and chrome extensions. URLs are important, to the difference between a home page and other pages or will never know if you are redirected.
Hiding the full URL will redirect a lot of traffics back to Google's search engine because people can't easily figure out the source from a screenshot anymore.
What are they gaining from this that possesses then to fight such consistent opposition?
I don't see anyone stumping for this or any groups making any arguments for it beyond aesthetics, which is nice but surely doesn't outweigh all the vociferous opposition.
Having looked at the intended design implementation, I'm not _super_ against this change, but I'm not fully onboard. And the concept of AMP here isn't lost on me, either.
I understand the stated goal of this is for simplicity for users and enhancing generic security. I feel Firefox already does this better. Let's take the following URL for example:
Chrome 86 (uses above formatting on hover):
code.visualstudio.com
In both apps, the dark themes provide more contrast that the light ones. I don't think we need to hide URL's from users, because what really matters is the very beginning of the URL which is always shown, and noting the root domain in a more contrasted, apparent way (like Firefox does) is to me a better solution to this problem. Spending time to improve the appearance of the important part of the URL will help everyone in the end, rather than taking the easy road of just isolating it.
Time would be better spent on solving horrible looking URLs in the first place and how URLs get represented in sharing (e.g. email clients, SMS, etc), which is where arguable most visual URL security concerns take place. If anything, I think I'm less likely to trust a URL like this (a simple Google search for "example url") when taking a glance in an email (removed https so full URL would show):
If on mobile, go into landscape for the larger URL, unless there’s a better way to format it I’m not aware of. Didn’t think a code block was best for a massive oneliner.
A possible middle ground could be taking a look at limiting token visibility. But a larger discussion would be needed for that as well.
so... is this a chromium thing or a chrome thing? if it is just exclusive to chrome, then maybe it's time to finally give the new microsoft edge a try.
The official build of Chromium tracks Google Chrome quite closely, so I feel confident assuming that the change is there as well, even though I haven't checked. But since Chromium is open source, I'm not sure anyone can really answer that question. Whether the change is in Microsoft Edge depends on how far Microsoft is willing to diverge from mainline (and where specifically they want to spend their resources).
They know that no matter what they do they're too big to be stopped. We cannot rely on on any of the five eyes governments to break their monopoly because their data collection programs are of immense value to these nations. If they ever are broken up, it'll be a 30 year smoke and mirrors campaign like when we 'broke up' Ma Bell [0]. Disenfranchised is right.
But some URLs are semantic. I think losing those would lose useful information for human readers. If we could perfectly know which URLs have useful semantic information for users and which don't, and then only present those with full semantic meaning, I wouldn't mind much.
Main point: I see people saying things like "these designers think people are too stupid to understand URLS." But that ignores that some URLs are not actually meaningful to anyone.
Anticipated responses:
1. You are losing information by taking off the "application lookup" part: the information that an application lookup was made. Fair enough. But I claim it's a small loss.
2. We can never perfectly separate out the URLs with useful semantic information. Which, also probably true. But I think we can do a decent job, and as long as the full URL is present when I mouse-over it, I probably wouldn't object.