This article originally appeared on ZDNet.
With the launch of Chrome 69 this week, Google promoted new features and a new look. It gave users months to prepare for Chrome dropping 'Secure' from HTTPS sites and adding 'Not secure' in red to HTTP sites from Chrome 70.
But for some reason Google decided against mentioning that as of Chrome 69 the world's most popular browser will no longer show the www. or m. on websites in the address bar because they're just a "trivial subdomain". As a result, www.zdnet.com is now displayed as zdnet.com.
For now, users can force Chrome to display the full address by disabling the flag 'Omnibox UI Hide Steady-State URL Scheme and Trivial Subdomains' at chrome://flags/#omnibox-ui-hide-steady-state-url-scheme-and-subdomains.
The HTTPS is the 'steady-state URL scheme' while Chrome now considers the www to be a "trivial subdomain" that the address bar would look better without.
You can still reveal the full URL in Chrome 69 by double-clicking the address in the address bar, and if you copy the simplified address and paste it elsewhere it will display the full address.
Chrome 69's treatment of www in the address bar is similar to Apple's Safari, but the change in Chrome has caused greater concern over Google's motivations.
After all, it went to great lengths to warn users about new ways it would communicate HTTP and HTTPS in the address bar, but stayed silent about dropping an equally important indicator that users expect to see.
In a bug report spotted by The Register, critics have pointed out several instances where two different sites will now look the same, potentially exposing users to phishing attacks.
For example, m.tumblr.com, which is not Tumblr's site, is shown as tumblr.com, and it's not immediately clear that http://www.pool.ntp.org and http://pool.ntp.org are two different sites. Also, in the case of a domain like 'www.www.2ld.tld', the www is hidden twice.
The issue has sparked a debate on Hacker News, where some argue that the change is part of Google's long-term plan to hide its AMP subdomain and make it indistinguishable from the actual domain.
"And then suddenly the whole world funnels through AMP," the commenter noted.
Just as Chrome 69 was released, Google told Wired that URLs are failing to convey a site's identity, so they're looking for something else that offers more convenience and greater security.
Nonetheless, the impression it's given is that Google is trying to kill the URL and assert its dominance over the web.
Security expert Scott Helme reckons the change is good, at least from a phishing standpoint, since most users will understand a padlock better than https:// while removing the www means there's less information to interpret.
Liam Tung is an Australian business technology journalist living a few too many Swedish miles north of Stockholm for his liking. He gained a bachelor's degree in economics and arts (cultural studies) at Sydney's Macquarie University, but hacked (without Norse or malicious code for that matter) his way into a career as an enterprise tech, security and telecommunications journalist with ZDNet Australia. These days Liam is a full-time freelance technology journalist who writes for several Australian publications, including the Sydney Morning Herald online. He's interested primarily in how information technology impacts the way business and people communicate, trade, and consume.