After about a year of tests in Google’s Chrome browser, there was no improvement in security. So the full URLs remain. With a current contribution to the source code, the development team of Google’s Chrome browser ends the experiments on the “simplified” representation of domains. Emily Stark, who is responsible for the work, writes as an explanation in the post:
“This experiment has not changed any relevant safety metrics, so we will not roll it out.”
The tests to hide certain path information in the URL began around a year ago. Instead of, for example, the full URL path, the browser only displayed the domain in the so-called Omnibox of the browser. The technology was initially accidentally distributed in the Canary builds of the Chrome browser but could be controlled as an option using the so-called flags. These then ensured that the full URL was displayed when the mouse cursor was moved over the URL bar without having to click on it. Another option did not hide the path until the page was interacted with.
The introduction of the code and an urgent explanation were finally followed by officially announced tests of the functions. At the time, the Chromium team said: “
There are tons of ways that attackers can manipulate URLs to confuse users about the identity of a website, leading to widespread phishing, social engineering and fraud.”
Hiding the URL components should therefore help prevent these problems.
The experiments implemented as so-called field trials with a random selection of users have apparently not achieved the expected or desired effect. The team has therefore removed the code for the options and thus ends the experiments to hide the URL paths for the time being. It is unlikely that the responsible team will pursue the plan again in the medium term, so the current URL view should be preserved.