Thoughts about technology, the internet, programming, etc.

by Craig Campbell

Chrome's experiment of hiding the URL is awful

04 May 2014

As was pointed out last week, Google Chrome has been experimenting with hiding the URL from the browser. Recently, Jake Archibald, a member of the Chrome team, wrote a piece talking about how this change is great for security. I don't think it is great for anything.

This is what the current implementation looks like:

url missing first example url missing first example

As you see it is hiding the complete URLs here in favor of showing just the domain name.

URLs are the building blocks of the web. Every website contains hundreds or thousands of URLs. Every page has a unique URL so that you can identify it and share it with other people. There is a reason they have always been front and center in all web browsers.

Call me cynical, but this change appears to be using security as an excuse to either boost Google search traffic by always exposing the placeholder text Search Google or to justify the removal of something else that the Chrome UI team thinks is not important. First they removed the + sign on the new tab button. Next they removed the icons from the developer tools. The URL seems like the next likely candidate, no?

Phishing attacks (creating malicious pages to try to get users to enter their private information) are obviously a real problem, but only showing the host name does not fix this problem. People are still going to click links and are still going to enter their passwords on untrusted sites. I would wager that most people who fall for phishing attacks are not people who look at or understand URLs to begin with. Updating the URL bar to show just the host is not going to cause more people to look at it.

A better UX solution to this problem would be coming up with a way to detect pages that do not seem legitimate and warn users that they may be providing their info to an untrusted source on the page itself. This is not something that is trivial to implement, but I think it could go a long way in preventing phishing attacks vs. removing an accessibility/usability feature of the web. There are also other ways to bring attention to the hostname without hiding the entire url.

As a side note, I would avoid mentioning iOS 7 as a way to justify any usability decision considering it is a usability nightmare.