(Subscribe to our Today's Cache newsletter for a quick snapshot of top 5 tech stories. Click here to subscribe for free.)
Google is planning to show only domain names of websites, instead of complete URLs, in the address bar of its browser to counter phishing campaigns and social engineering attacks.
“Our goal is to understand through real-world usage, whether showing URLs this way helps users realize they’re visiting a malicious website, and protects them from phishing and social engineering attacks,” Google said.
We are going to experiment with how URLs are shown in the address bar on desktop platforms in Chrome 86, it said. The company’s enterprise-enrolled devices are not part of this experiment.
Users who are in the experimental group to test the feature can view the complete URL using two options. They can hover over the URL allowing it to expand fully. They can also right-click on the URL, and choose “Always show full URLs” in the menu box that appears after the click. This will enable the setting to show the full URL for all future sites the user visits.
For users who wish to voluntarily test the feature, Google is allowing them to install Chrome Canary or Dev channels by opening chrome://flags, and enabling the following flags: #omnibox-ui-reveal-steady-state-url-path-query-and-ref-on-hover, #omnibox-ui-sometimes-elide-to-registrable-domain. After setting this up, they can re-launch Chrome.
The search giant said that users determine the identity and authenticity of a website through the URL, but there are usability challenges associated with it. Attackers can manipulate URLs to confuse users about a website’s identity leading to rampant phishing, social engineering and scams.
Google said that 60% users fell victim to one such incident when a misleading brand name appeared in a URL’s path.