Google abandons experiment to show simplified domain URLs in Chrome

Google’s experiment to hide parts of a site’s URL in the Chrome address bar (the Omnibox) has failed and has been removed from the browser earlier this week.

The experiment ran from June 2020 to June 2021.

It consisted of a series of options that Google added to the chrome://flags options page that, when enabled, only showed the main domain name of a site (therecord.media) instead of the full page URL (therecord.media/category/article/title).

At the time, Google said that the reason for running the experiment was that showing full URLs makes it harder for non-technical users to distinguish between legitimate and malicious (phishing) sites, many of which use complicated and long URLs in attempts to confuse users.

Showing only the domain name was considered a good way to remove the extra chaff from a complex URL and only leave the core domain visible in the URL bar.

If users wanted to view the full link, they could click or hover the Chrome address bar to reveal the rest of the page URL.

However, despite its good intentions, the experiment never sat well, with both security experts and end-users alike, who often complained about it when Google silently enabled it on some browsers to gather usage statistics.

One year later, the experiment is now gone.

The options to show “simplified domains” have now been removed across all versions of the Chrome browsers, such as the Stable, Beta, and Canary builds.

“This experiment didn’t move relevant security metrics, so we’re not going to launch it,” said Emily Stark, a Chrome security engineer and one of the main voices who previously advocated for the idea of simplifying URL formats inside browsers.

The security metrics that Stark mentioned came from a series of lab tests that Google has been running for the past year, described below:

We’re implementing this simplified domain display experiment so that we can conduct qualitative and quantitative research to understand if it helps users identify malicious websites more accurately. This means we’ll have study participants exploring the prototype in lab/survey studies, and we will also roll it out to a small % of real Chrome users to understand if it helps protect them from phishing. If the results show that this simplified domain display does help protect users from attacks, then we’ll make a decision about whether to ship it to all users, balancing user feedback with the security considerations.

This marks the second time Google dropped an experiment to show only the domain name inside the address bar. The browser maker ran a first experiment in 2014 to similarly negative user feedback.


Source: Recorded Future

Leave a Reply