As the maker of the world’s most widely used web browser, Google has a moral and perhaps even legal obligation to protect the privacy and security of its users. However, not all of its efforts have been met without scrutiny, as shown in the Privacy Sandbox and FLoC, short for Federated Learning of Cohorts.
But before that, Google already tried to fight phishing scams by changing what users see in Chrome’s address bar. It turns out that this strategy was not as effective as it was assumed and Google is now backtracking from the position it strongly defended last year.
Google’s solution was to completely hide
Many phishing scams are based on the tendency of people not to double-check things, whether it’s the numbers that call them or the addresses of websites. This last point can be even trickier when some phishing sites attempt to use URLs or addresses that look or sound very close to the original, use extra-long text strings. to deter inspection, or to use other tricks to hide their true source. Google’s solution was to completely hide these URLs and only show the actual domain name of the webpage.
Last year, Google launched an experiment to hide everything except a site’s domain name in the hopes of helping users more easily distinguish “google.com” from “gooogle.com”. This is a much more modest option than offered by an even older proposal, where Chrome wouldn’t even display URLs, just search terms. Of course, that assumed everyone was using address bars to search directly on Google or other web engines.
A strategy that has not paid off
Now Google is apparently ending this “streamlined domain experience, ” which means it will no longer land on end-user Chrome browsers. The company simply said that this strategy did not change the relevant security settings, which is probably another way of saying that it was not really effective in combating spoofing sites. . There is probably an even greater risk that people will not give the simplified URL a second look because it looks more legitimate due to its simplicity.
Beyond doubts about the effectiveness of the solution, Google has also been criticized for promoting its own apps and services with this strategy. In particular, it allegedly hid Google’s AMP pages in plain sight, driving more traffic to Google’s servers rather than to the actual source of those sites. Today Chrome only hides the “HTTP: //” at the start of the URL, but you can choose not to do this on desktops by right-clicking on the bar. address and checking “Always show full URLs”.