496 comments

[ 5.7 ms ] story [ 295 ms ] thread
I get emails from some banks with instructions to spot phishing. One of those is to look at the full URL in emails or on websites to know if it’s authentic or not.

For better or worse, the URL scheme is what we have to identify websites and pages. Hiding that on larger screens doesn’t make much sense. It also hinders learning for the next generation.

Actually, that's their argument for doing it. Most users don't understand the different bits of a URL, to know whether it's from the site they think it's from. See (huge) previous discussion from two months ago: https://news.ycombinator.com/item?id=23516088

Personally, for my own purposes, I think hiding any bit of the URL is incredibly inconvenient. Already hiding the www. is seriously annoying. I will switch this new behaviour off and hope they don't remove that option.

> Actually, that's their argument for doing it.

If AMP didn't exist I might be slightly more inclined to believe them.

If that's really their justification, then I wish they would take the approach that Firefox does - show the full URL but have the domain name in white and the rest of the URL in a muted color. It provides the full information as well as highlighting the most important info for spotting a phishing scheme.
> show the full URL but have the domain name in white and the rest of the URL in a muted color

Which is exactly what they do at the moment.

wow I've never noticed this. it's pretty subtle.
Meaning that the need for the new hiding feature is... what, exactly?
Presumably that a number of users still don’t get it and the value to the remaining users is very small.
I didn't notice Firefox does this before your comment. On my screen the domain is black and the rest of it is gray. Maybe it's because I don't have any kind of night mode thing on. I'm sure the colors would be inverted with that enabled.
It is not just inconvenient, hiding or modifying URLs is a lie and is a security problem. Hiding part of the URL means that you don't really see what's going on, and that is the first step towards a security problem, not away from it.
I agree. But I'm afraid Google's solution is going to be along the lines of showing a green mark for anything served from their own servers, with the subtle implication that anything else is less trustworthy.
All of the TLS handshake configurations are hidden from your UI. It is hard to see "what's going on". You aren't shown a cert signature each time you request a page. Yet the lock icon doesn't get hate.

The non-domain information in a URL is useless for making security decisions for virtually 100% of users. If anything, it has negative utility since you can make URLs nearly arbitrarily confusing as part of a phishing attack.

I don’t understand, the lock icon gives you exactly the information you could want from that though? It tells you immediately if the site you are on is HTTPS, you don’t have to hover or anything. And if you want even more details (which is not something anyone does while they browse the internet, FWIW) you can also get that information too. This change hides the information that people actually expect that UI to have–that’s why there’s an option to in-hide it!
What if I want more information? I want to know what TLS version both parties negotiated. I want to know who signed the cert and when it expires. Etc. etc.

The point is that "the UI should express everything a power user could ever want to know about some security-adjacent property" is not the status-quo and people should not act like it is. Dropping to just domains is like shifting from a big blob of text including a ton of request information to just the lock icon. It distills it to something that covers basically all the information you'd ever actually need and is comprehensible to typical users.

I mean, I was upset when Google moved the certificate details from just click on the lock to click on the lock and go into developer tools and do some other bs I've forgotten since I'm no longer working where I need to confirm certificates. However, I figured that the number of people checking certificates was very small, so trying to use our weight to change Google's mind was fruitless. Fighting against hiding the URL seems a lot more tractable --- although, I just took it as a sign that Google doesn't want me to use their browsers, so I stopped.
I didn't know there is an option to change it back, thanks for pointing that out. I've found it really frustrating when trying to copy different parts of the URL.
Just fyi, the google chrome plugin "Suspicious Site Reporter" reverts the url back to how it always was, with http:// and www and everything else. It's very lightweight and you can just leave it on, don't have to report anything or do anything with it.

Hopefully it remains this way _forever_, even with these newer changes as well.

Or you can right click the omnibox and choose "Always show full URLs"
Countdown until scammers figure out a way to screw up the parsing code and get Chrome to show the incorrect fake url
The bank may say that, but it's not actually good or practical advice.
Embarrassingly I let checking the URL bar give me a false sense of security and got phished for the first time just a few days ago. They put a fake URL bar into the page and made it look like a proper OAuth2 URL. (My 2nd factor saved me from giving them access since it slowed me down enough to notice some subtle oddities, but I still had to change the password since that was already submitted)

The real protection against this is making it impossible for me to send credentials to the wrong party. Normally my password manager helps with that, but I had just switched managers a couple days before and it wasn't recognizing all sites properly (likely due to the lack of a database of known equivalent URLs). If the site was using WebAuthn, there wouldn't have been any issue because the imperfect URL checks by me and the password manager would not be necessary.

This has been the standard on safari for years. Are you saying that people who use safari suffer from those problems?
Really wish they would stop trying to do this.
It’s sort of surreal to feel so disenfranchised about it too. Like, no one wants this, I’m sure they know that, but they just don’t care.
They know that no matter what they do they're too big to be stopped. We cannot rely on on any of the five eyes governments to break their monopoly because their data collection programs are of immense value to these nations. If they ever are broken up, it'll be a 30 year smoke and mirrors campaign like when we 'broke up' Ma Bell [0]. Disenfranchised is right.

[0] https://external-content.duckduckgo.com/iu/?u=https%3A%2F%2F...

Hasn’t Safari already been doing this for ages with no issues?
No
I just confirmed that desktop Safari has exactly the behavior this post describes. If I visit any Wikipedia page, what I see in the URL bar is "[lock icon] en.wikipedia.org". The path is entirely removed.
(comment deleted)
My Safari has the full path

13.1.1 (15609.2.9.1.2)

Weird! I see: https://i.imgur.com/6r73iFt.png (v13.1.2)

Is there any chance you've checked "Preferences > Advanced > Show Full Website Address"?

Can confirm, it is checked. This does seems like something that should be a user configured option.
Its an option under Safari/Preferences/Advanced called Show Full Website Address.
Yes, it has been doing it for ages, both on macOS and iOS.
Which is the reason why I not use Safari on OS X (additionally, the Safari devtools are atrocious).
Safari does something like this (showing the full url only when you select it), and it can also be disabled in the settings.

It does not do anything like obfuscating where the document comes from, like Chrome on Android does to hide the fact that they are serving AMP pages.

This is hacker news, and you're talking about apple.
The difference is that Google likely has ulterior motives with this change, whereas in Safari, it's purely aesthetic.

Edit: I've just tried it in Chrome (enable [0] and [1] or [2]), and it's a disorienting user experience. As a matter of fact, I also just tried it in Safari, where I have similar complaints (but, again, it's easy to disable there).

[0]: chrome://flags/#omnibox-ui-sometimes-elide-to-registrable-domain

[1]: chrome://flags/#omnibox-ui-reveal-steady-state-url-path-query-and-ref-on-hover

[2]: chrome://flags/#omnibox-ui-hide-steady-state-url-path-query-and-ref-on-interaction

Yes. They also have ~4-5% browser market share.
Sigh. Now browsers are as powerful as OSes. Why do you need OSes?

Address bars? People don't need them. Google should tell you which website you're visiting is good or which is bad if they hide the address bar.

I’m not sure why this is being downvoted, this is an accurate albeit sardonic description of what’s happening.

People don’t want to visit AMP sites, they want to visit the site that’s the original source for their news, etc...

I mean, depends who you mean by people? I'm pretty happy to go to amp sites. The thing I care about is the content.
Yeah, well maybe after they have this power, we can leave it to google to fix all the content next ;)
Then you've not used many AMP sites - many do not function properly and try to 'stream' the content as you scroll leading to a garbage experience and missing content.
They are faster than average webshit. That matters to user, even if the bootcamp webshit and his accountant manager doesn't think so.
I have never had that experience. Maybe there's something wrong with your browser.
Maybe we tend to go to different websites, but I don't know how you can make that initial statement. I use my phone to browse the internet a fair amount.
The premise “browsers are as powerful as OSes” is dubious.

“Why do you need OSes” is something I would expect from someone who does not know how a computer works.

Whilst they should probably be tweaked, address bars are central to the web as it is currently.

Google should stay as far as possible from me and has no business telling me it approves of the sites I am browsing.

I did not downvote the post, but there is no sentence in it that does not make me regret having read it.

I understood the "Why do you need OSes" as "Why would you use Windows when you can use ChromeOS, since the only thing you'll ever need to open is Chrome"

And all of these opinions are obviously not held by the poster but are rather what the poster believes Google wants.

If it is sarcasm, it’s not great. These exact points are commonly made by people who clearly take them seriously. These people are obnoxious enough, there’s no need to reproduce their talking points.

My experience is that as much as some geeks love to go on about web apps, real people still do more than browse the web on their computers.

There's more ''consumers'' out there than ''real people''.
(comment deleted)
Now you know about web. Many (all?) people here (reading this shit) know. If you hear about what they are into, they are trying to get ''the next billion'' people into Their hands. Most of this ''next billion'' people don't have the time and/or courage to learn anything. They want to get their job done. (They will learn if they're forced to.)

What these big companies are trying to do is very clear. They don't want these fools to know much about web. If these people suddenly starts learning about how web works, that'd be a disaster (for Them).

Now, the address bar is just a distraction to them, nothing else. Now, if Google is removing them, let them. If the address bar is hidden, then there's less clutter. So, they'll think that it's better. (You and me know that isn't any better for us. I'd be really angry if they completely remove it.)

> Why are you referring to those big companies as 'Them'?

< You don't know yet?

"The next billion" was a codename for "gaining access to Chinese markets", not "fooling tech-illiterate people into becoming Google loyalists".

The reason why the address bar is being tweaked in this manner isn't to hide the Internet from Internet users, it's to hide insecure parts of the URL. Only the domain name portion of a URL is actually secured by anything, and only the part closest to the right of the domain. Most people don't know or care that they need to run a set of regular expressions in their head and consult with a list of public suffixes to validate if a website is legitimate. They're just told, "Look for microsoft.com in the URL", and then they see http://123.45.67.89/~spam/microsoft.com/techsupport and think "Well, it says Microsoft, that means it's Microsoft".

It's not so much that Google doesn't want people knowing about the web, it's that people already don't know much about the web. It's not the people's job to know all of the relevant technical standards when they just want to know if a security alert in their e-mail is an actual thing they have to worry about or a phishing scam.

(comment deleted)
A nice side effect for them is that it makes it less obvious you are viewing an AMP site.
Do they not have those AMP sites that are under a Google domain anymore?
They hide the fact that it's a Google domain in Chrome.
IMO this is the real reason why they're pushing hard towards this:

  However, it's also worth considering that making the web address less important, as this feature does, benefits Google as a company. Google's goal with Accelerated Mobile Pages (AMP) and similar technologies is to keep users on Google-hosted content as much as possible, and Chrome for Android already modifies the address bar on AMP pages to hide that the pages are hosted by Google.
We are going back to AOL days. That didn’t work out so well for AOL in the long run. It’s kind of crazy to me you can’t do marketing now without at least discussing Google and Facebook these days.

Edit: at least you knew you were the customer with AOL and paid them with clear terms for access.

The comparison to AOL was my first thought also.

Basically, Google have lived long enough to see themselves become the villain.

> The comparison to AOL was my first thought also

It doesn't really make sense, though. The AOL thing was always things like "visit AOL keyword lord of the rings" at the end of trailers, and that would take you to the marketing site.

If Chrome wanted to do that, in the example gif the keyword wouldn't be just "en.wikipedia.org" for the URL article, it would be something like "wikipedia URL" that would bring you back to the page you're on through a google search.

I'd say that it's just as common to hear "google Our Brand" as "www.brand.com" at the end of television adverts now. That's entirely anecdotal, but Google (or other search engines, but basically Google) has been for a long time the way to access sites.

I see people every day searching for a brand and clicking rather than appending ".com". It's more convenient. If Google can profit off laziness, they will.

Google doesn't like you using the term "google <something>" because that opens the door towards a genericized trademark (like xerox or cellophane), but plenty of advertisers buy keywords or a phrase on Google and then use terms like "search for <keyword or phrase> to find out more" in their radio/TV/outdoor ads.
I tend to search the brandname if I'm not sure about what the domain is. There's quite a few Dutch brands that are either on .nl or .com. Or their brand is already in use by another company, so they've got some extra text in theirs. Or their name has a & in it and they might use "n" "en" or "and" in their actual domain.
I'm not sure if it's entirely laziness. Unless given a URI through some other medium, you can't expect to find a business by simply appending .com, .org, .net. there are only so many viable names in this structure and collisions are inevitable.

At one time, there were less organizations online but now, almost every single business, large or small, has a web presence over viable domain name scarcity.

As such, discovery service online is a necessity. Google and other search engines fill that void. Now should they completely replace domains? Probably not, at least not yet, but some other addressing scheme needs to exist if we want to be less reliant on services like Google. Personally, I just use other search engines. If I'm not finding results I fall back to Google.

(comment deleted)
The thing you mentioned doesn't like it's too far fetched for the next step :-)
It isn't that Google built a faithful recreation of AOL's mechanism. The claim is that Google is in a very similar ecosystem position with very similar incentives to attempt to Own All The Traffic.

I realize hindsight bias is at work, but I think I preferred Microsoft playing the Shitbag Monopolist role. They weren't passive aggressive about it, at least.

They became the villain when they started deliberately positioning the ads on their search results screen to trick people. Which I'm sure makes them lots and lots of money but is definitely evil.
Google is many different companies and products, and some of them I'm so grateful for. They provide a simple product that does something magically better than the competition, don't screw with the recipe. I give them my data because I like the service.

But the company-wide decision to manipulate the URL as a business strategy drains all my enthusiasm. The "U" is really important! The URL is basically a filename that you use to access the data store called the Internet. Don't take it away from me by the brute force of market dominance. I need to be sure of where I'm addressing my packets. Don't tamper with that essential construct.

I use both browsers, but without Firefox, I'd be lost in the wilderness. With its recent layoffs I'm worried about the web.

> I give them my data because I like the service.

They take your data and everyone's regardless of if you want them too. That you don't mind hardly makes that better.

Is it really a company-wide strategy to manipulate the URL? The Chrome change was based on user studies that showed that people do not understand URLs.

The days of URLs as a data access key are gone. So many other things (cookies, etc) go into controlling what pages show that what was originally a 1:1 mapping between URL and content is now a many to many mapping. I'm not saying that's how it should be, but that's the web we live in now.

Doesn't matter if they understand it or not. It's the one and only barrier between you and malicious actors, or you and a monopolist. And oh look there's Google, attacking the one thing that protects the world from their ownership of the web.

People might not understand how a seat belt works, it's still there and we still use them.

I dunno, AOL was extremely successful and people loved it. I'm not ashamed to say I liked it, having everything in the same window. Google could only hope to achieve that fluidity. Messaging, Email, and web all in one workspace.

AOL really only declined because of the rise in high speed internet, and their awful business model and practices.

The market also offered better services eventually and AOL simply couldn't keep up in every area. It slowly chipped away at their user base. Messaging was one of their killer features and apps like ICQ slowly ate them up while AOL tried to ride the same strategy of being everything to everyone into the future. I do agree it was a great experience for what it was, back in the day.
AOL bought ICQ in the very early days of messaging.
Do you or anyone else have a video or screenshots of what you're talking about? Or is there a specific name of the product where AOL was doing this?
When dial up Internet was a thing, AOL was the leader in that universe. It was basically one of the earliest walled gardens out there. They had their own chat, email, etc. You accessed it all through their desktop client. You never had to leave the AOL application to experience "the internet". They of course were still providing general Internet access, so you could still fire up Netscape [and earlier browsers] and cruise to whatever websites you wanted. The Internet eventually eclipsed what AOL could offer for most people and their premium price and sometimes dodgy Internet service eventually fell by the wayside to a more open Internet experience for most users.

Edit: AIM was a really popular messaging client for years after the fall of AOL as a premiere dial up Internet service.

To amplify that a bit, AOL started out as a pre-Internet online service, competing with the likes of Prodigy and Compuserve. It wasn't until 1993 ("Eternal September") that they opened up Internet access to their users.
Movie trailers often had them, sometimes long after AOL had declined in relative popularity. An example I mentioned in another comment was at the end of one of the lord of the rings trailers:

https://youtu.be/V75dMMIW2B4?t=143

I have no idea how popular they ever were, but I'm sure there's a large segment of people that find it easier to remember and to type in "Lord of the Rings" into their computer than "www.lordoftherings.net".

Instead of browsing via URL, companies could buy "AOL keywords". A user could just put in a keyword, like "dog food", and AOL would send them to a particular dog food page. In the days before good search engines, this was very convenient even though it was obviously pay-to-play.

https://www.youtube.com/watch?v=1npzZu83AfU

"Hi, I'm Sheriff Harry S. Truman for America Online"
It seems like we've reached that already. I've seen TV ads where they just say "Search for $KEYWORD" instead of a URL (admittedly that's more average-user friendly than making them input dots and slashes). Or posters that have [f]/someFacebookPageName or [i]/instagramUsername with the icons to indicate Facebook/Instagram.
The only difference is that Google has endlessly more clout and depth than AOL and my fear is that where AOL failed, Google may succeed.

With Firefox succumbing this week, this is pretty horrible.

I’m not a Richard Stallman type, but I think it’s come to the point where if you have even the slightest pretense of being a “free web” person, using Chrome or a Chromium-based browser has become unconscionable. This company is playing embrace extend extinguish to a T and they are nearing the end game.

I switched to Firefox this year and so can you! Just download it, install it, and then clear your Chrome history so it doesn’t feel like home anymore. Firefox is really nice and I was surprised that I don’t miss Chrome at all (except for the developer tools color picker).

Color picker seems to work great in the CSS Properties at least :D
Works great but Chrome’s lets you change HSL and other modes. I like the ability to tweak luminance or saturation right in the browser.
Consider also changing your default search to StartPage or Duck Duck Go
Yes. For sure. Sadly I find myself g!-ing all the time but good to at least try them first. Sometimes I g! and go back, which always feels serendipitous.
"With Firefox succumbing this week..."

Firefox succumbed to what? Genuinely curious, i had not heard this.

There were a large number of layoffs at Mozilla, see https://news.ycombinator.com/item?id=24120336 .
And strategic re-orientation as I understood it.
Same way you strategically deprive someone from food and they reorient to a coffin user.

Explanation: Google undermined FireFox, both through ads, then through a series of incompatibilities.

And they did the same to Edge, which is using Chromium.

That's exactly what any CEO or "Downsizing Consultant" would say. That may be an OK situation for a corporate company, but for a non-profit foundation like Mozilla, its unhealthy and rings some disaster bells.
Given the caliber of the talent that was let go, this re-orientation sounds more like a lobotomy.
Too many overpaid people who had little interest in building a web browser.
> I’m not a Richard Stallman type, but I think it’s come to the point where if you have even the slightest pretense of being a “free web” person, using Chrome or a Chromium-based browser has become unconscionable.

Thanks for phrasing it like this - I'm also not a Richard Stallman type but it's hard to disagree with this statement. Just downloaded Firefox and made the switch.

Great to hear.

Clearing my history/sessions in Chrome was an important factor in adoption for me as well. It helps that when you start typing in that search bar, it doesn’t feel familiar. Took a few weeks but did eventually stop looking to Chrome. Now I just use it for testing/Android debugging.

(comment deleted)
The problem is that there are simply no good free browsers that are not Chromium-based or Firefox. It doesn't seem viable or worthwhile to write a web rendering engine from the ground up. We're heading rapidly towards a Blink/Webkit monoculture.
Why exclude FF? It’s good.
Currently. Though Mozilla is giving no clear plans on continuing the projects importance. If anything it seems Mozilla is planning for an eventual sunset. Hoping to have revenue alternatives for when Firefox is irrelevant and they stop supporting it.

Firing a team building a meaningful advancement in Firefox's tech stack is a big signal, imo.

Yeah that was devastating this week but maybe it can somehow reverse itself, I don’t know.
Why would we want a continuation of what isn’t working.

Let it die, rebuild from the ruins.

Is it possible that if Mozilla folded or stopped supporting Firefox that the open-source community would continue to support it?
Possible, but not to a sufficient extent to keep up with the ever changing needs.
It's pretty good, albeit much less good since the old XPCOM extension support went away. (My position is that XPCOM compatibility could have been maintained in a multi-process world through better dynamic object proxying.) But as Mozilla's money dries up, so will Gecko, Servo, and a bunch of other fascinating projects. It's sad. But the web won't stop evolving, so we're going to end up a webkit-only world.
I've been using Firefox/Safari on my personal devices for a couple years now, but as a web developer I unfortunately can't not use Chrome at work because of its dev tools. I try to test on other browsers when I have time - I've always made a point to push for supporting at least Firefox, as an organization - but when I'm iterating I really just need the Chrome tools. Firefox's tools always remained one or two steps behind, and now that they fired their dev tools team I assume they won't even be doing that, soon.

The same goes for Google Search/DuckDuckGo. I use the latter on my personal devices, but when I'm tracking down a problem at work I just need the thing that's going to work the best.

I agree about DDG, but not dev tools.

I used to think they weren’t as good, but they are good. And I think I’m a pretty serious dev tools user.

BUT, if you want to keep using Chrome dev tools that doesn’t mean you can’t switch to FF. Just de-personalize Chrome (clear you history, sessions, settings etc) and then you’ll stop using it. Say you’re developing and open a new tab to search something on SO: you won’t be logged in on SO. Same goes with any site. So you’ll instantly realize you’re using Chrome to browse and hop over to FF instead.

Seems like a lot of work but it’s not. Maybe I drank the kool aid but I now feel naked browsing with Chrome and try to avoid it as much as possible. I think the important thing is to stop using Chrome for personal browsing.

I disagree about DDG :). For work-related searches I'm really satisfied with the results and I find answers quickly. I would even go as far as to say that it works better for me than Google's search. I experienced it the other way around. When using DDG for personal use or results about local things I often tend to use the Google bang as Google has the better localized results.
You should share how Safari and Firefox handle URLs, rather than feeding into everyone's reactions
I use Firefox as my daily drive, and I still don't get what's so special about Chrome's dev tools, I test on Chrome and open the dev tools but I prefer Firefox overall. It's a damn shame they fired the Dev Tools team however, that is not a visionary move on Mozilla's part.

Depending on your IDE, you can make it just open Chrome when you boot up web projects. That's what I do, but I do normal browsing on Firefox, it helps keep distractions away even. Leaving Chrome with only work related things.

Some of it may just be familiarity, but it always seems like there are little things that aren't all the way there. Some of the CSS property selectors aren't as rich, last I checked the profiling tools weren't as powerful, that kind of stuff. Things you could live without, but I feel a certain amount of responsibility when I'm on the clock to not hamper my productivity by using a tool that isn't the best one available.
Some things this is still true, other things I don't think I could go back to chrome devel tools, it just feels weak and old by comparison now.
(comment deleted)
> I unfortunately can't not use Chrome at work because of its dev tools

Why? I’m a full time developer at a Fortune 100 company and I have no issues just using the Firefox dev tools. I literally never use the Chrome dev tools. Though, this might soon change now that Mozilla has laid off the dev tool team.

Did they really fire their devtools team?? I'm sorry, I missed that earlier.
I have this shell script as `chrome-new` in my path for testing in Chrome and the rare site that is broken in Firefox. It gives me a totally clean profile each time to minimize the amount of Google spying that goes on and reduce my tendency to use the browser for anything but the current task. Sadly despite --no-make-default-browser, it still asks me with an infobar every time I start it.

    #!/bin/sh
    test -e "$(which chromium)" && CHROME="chromium"
    test -e "$(which google-chrome)" && CHROME="google-chrome"
    test -e "$(which google-chrome-dev)" && CHROME="google-chrome-dev"
    TMPDIR=`mktemp -d /dev/shm/chrome-XXXXX`
    $CHROME --user-data-dir=$TMPDIR --no-first-run --no-make-default-browser "$@"
    rm -rf $TMPDIR
Don't you get the same thing using Guest Mode?
AFAIK guest mode acts like incognito when it comes to storage behavior (changes stay in-memory and are not persisted to disk, and therefore available storage is noticeably lower than with a regular profile), so it will trigger incognito mode detection scripts on some times.
I use Firefox for casual browsing but heavy workloads need a better browser. So I have to use Chromium.
Firefox is a much more performant browser for actually rendering heavy pages.
I have 18 windows open in Firefox vs chromium that say otherwise. Why would I lie lol.
And what about memory requirements? Also there are no addons in mobile Chrome!! Big issue for me.
Chrome has a more responsive UI, but as for actually rendering and laying out pages, Firefox is usually much faster.

I've actually checked with both browsers open side-by-side while developing my own webapps.

What's worse, Chrome is super buggy and will often randomly crash on complex CSS or too many table rows, etc.

(comment deleted)
That's great, I'll tell Firefox that,maybe it will pep up.
Chrome sucks and hasn’t gotten the love it used to
Its the opposite. They are on a down slope to irrelevance.

All these moves just turns up the temperature of the innovation cauldron, speeding up the pace of whatever will replace them.

More clout and depth has nothing to do with longevity. See every Empire that has evaporated in History.

Google will fail faster than it took most empires too for 2 reasons

1. Things move much faster these days. The time between rise and fall keeps shrinking for large orgs struggling to cope with the furious pace of change.

2. Complexity of playing empire defense grows exponentially with scale. You can't find enough skilled people quick enough. You cant solve increasingly complex issues with just your cash hoard. You can't escape increasing internal politics that slows the speed of innovation within. You can't escape external actors mistrusting every small move made etc etc etc.

So they will keep making such moves. And there is a way to speed up their decline - Encourage them and praise them for whatever they come up with.

I’ll add my voice to that, I’ve been using Firefox as primary dev browser for a couple of years now and it’s a perfectly cromulent choice. I don’t miss Chrome one iota, far from it; when firing up Chrome to investigate browser-specific issues it seems alien now.

My level of respect for origin was similarly the tie-breaker when choosing between Vue, Angular, and React.

AOL had a particular mismanagement problem that Google doesn't have.

AOL didn't lack depth: they literally had email (@aol.com), social media (AIM), video-calling (Vonage), cloud filesharing (Xdrive) and so much more.

Ultimately, they failed because (1) they were overvalued to begin with and (2) had a bad innovation model (top-down) that led them to (a) over-commit to online ads and (b) under-commit to broadband.

Google is sustainable & mature, and it has a distributed innovation model that will avoid the particular mistakes of AOL.

Google is reacting to the Walled Garden trend, not driving it.

> Google is reacting to the Walled Garden trend, not driving it.

I could follow you right up to that bit.

Facebook and Apple have been driving those trends for well over a decade.
Yea, actually fair, bit of a non-sequitur.

I meant to say that Google is well-positioned to take advantage of being a Walled Garden, and is doing so now because the model is being built out out elsewhere, both domestically (Apple, Amazon) and abroad (WeChat, Jio).

This is off-topic slippery-slope hysterics that have nothing to do with the story
> Chrome for Android already modifies the address bar on AMP pages

How does it do this? The URL looks totally as I'd expect (google.com/amp/) - I'm on version 84.0

They are boiling frogs: https://en.m.wikipedia.org/wiki/Boiling_frog

Little changes over time, so you don't see the end game right away. Signed exchanges and further hacking up / hiding the URL will come. This change only hides some of the URL, with a hover action that shows it again.

I really don't get why people think that signed exchanges are this super nefarious plot to destroy the open web when it's exactly the thing that would make a distributed web possible.

Disconnecting content authorship and publishing with hosting so that literally anyone can host web content securely is fantastic!

* Want to bootstrap your IPFS network? You can safely and securely host a huge chunk of the web from big publishers on day 0.

* Want to compete with AMP? Now you can because AMP isn't special anymore!

* Are you a small ISP that wants to cache web pages close to your customers to reduce bandwidth usage?

* Archiving website has never been easier since they're already bundled and packed.

We've already reached the point where the content you're seeing and the server you're connecting to are completely disconnected. Signed exchanges just democratize the process instead of requiring every publisher to pick a CDN.

> I really don't get why people think that signed exchanges are this super nefarious plot to destroy the open web

My biggest concern is that the request will go to a google-owned server, where google can fully track me, and my browser would be lying to me about being on a non-google estate I might assume be free from Google’s tracking.

Site-owners will now also be forced to buy into Google Analytics since they have no requests in their own server-logs to analyse.

It’s a power-grab. And obviously google is doing this to increase their ability to do full internet-wide tracking.

> My biggest concern is that the request will go to a google-owned server, where google can fully track me.

I'm not exactly sure what the fear here is. You're only getting to the page by clicking a link in Google Search and then your browser fetches a bundle from Google's servers.

In your ideal world you would click a link in Google Search, telling Google what you're looking at, and then connect to the site via Cloudflare, and the source site's servers telling them too?

The flip side to these is that your browser can actually act as your agent with this. If you find yourself a nice privacy-respecting CDN then your browser can try to pull from there when you click any link and you now have way less exposure.

I don't think most of the people angry about signed exchanges necessarily want a distributed web (everyone hosts), they want the old decentralized model (many servers with different content). They want Google to stop telling them how to format their website, and they want Google to stop rehosting their website as a condition of search-engine access. That last one in particular isn't a centralization issue as much as it is a copyright concern. If people are angry about technology that makes it easier for Google to proxy their content, they sure as shit aren't going to want technology that lets randos do it too.

Not to mention, the decentralized web also means more privacy concerns. In the old model, the only entity that knows you downloaded a particular file is the server you talk to. With AMP, Google is now involved with that data flow. This is a third reason why people hate AMP, but it could be worse. Google is at least still a moderately trustworthy entity for a lot of people. However, what about Archive.org? What about Amazon, Facebook, ByteDance, or Brave Software? Each entity has far different trust implications compared to Google. You may trust them more or less. Just signing the web content only validates that the content itself hasn't been tampered with, not that the place you got it from is going to have your privacy interests in mind.

It's the combo of SXG and AMP, and not what that combo can do today, but what it could do.
All of which can be done without AMP, hiding the url, or forcing companies to use it or lose their SEO placements.

It's the SUM of the pieces that point to Google's endgame, not the individual pieces themselves.

I have an idea.

Move forward with signed exchanges, and then prohibit them from being used to obscure the content source (more specifically, require the 3rd party to reveal themselves)

I mean I don't disagree with you that I should be able to look and see what entity actually served me the content in the same way I can see who signed the sites SSL cert but I'm still 100% in favor of having browsers present display the bundle's URL in the browser because that's the site your viewing.

A site that uses Cloudflare as a CDN isn't cloudflare.com/site/nyt.com. The whole point of these things is that if you have some vested interest in being a CDN for chunks of the web for your users you don't have to set up a partnership with them and proxy their site or have their certs you just download the bundle and go.

I detest AMP, but I'm very much looking forward to signed exchanges.

I swear that with AMP there will come a time when we're faced with another "Digg Bar" like situation but worse. Boiling frog indeed.
To play the devil's advocate, Apple's Safari has been hiding full addresses for quite a while, without having any direct benefit as a company as far as I know.
(comment deleted)
hmm, the only thing it hides for me is the protocol, and that one is easy understand: a padlock shown: https. "Not Secure":http.
To get what you're seeing, I had to turn on the option to see the full URL. Otherwise it just shows the domain. That was several years ago though, so maybe it's no the default anymore.

I get it though, most people really only care about the domain and in fact, trimming everything else makes the actual domain easier to spot when it's not the domain you wanted, such as in a phishing attempt.

Apple has it's own goals of hiding technical information from the user.
Safari has little to none marketshare.
17% is little to none?
It only does this on mobile, as far as I can tell; using desktop Safari as my primary browser, I'm not seeing this.
It does it on desktop too. You must’ve disabled in it settings
It need not be malice. It maybe because the design people think people are too stupid to understand URLs.

As other comment mentioned, Safari does it too.

The trend seems to be abstracting away stuff like filesystem. Many people I know don't even organize stuff into folders on their phones. Everyone seems to dump everything in Download or something like that. The existence of separate applications for Music, Video and Photo content makes it irrelevant to some extent.

> It maybe because the design people think people are too stupid to understand URLs

You may be right, but it's hard to see why this would be a concern in 2020. The number of users who have actually grown up with URLs in their childhood increases all the time.

Anecdotally, it seems computer literacy is actually dropping over time. I taught an entry-level scripting course aimed at medical graduate students for several years, and each year the number of students who did not comprehend even the concept of files and folders was higher than the previous year.
That's entirely our industry's fault. After all, there are no files anymore, just cloud documents on remote websites.
And we didn’t reproduce the hierarchical nature of files in the cloud, rather we have flat lists, tags, sort-by-recently-opened, etc.

However, flat structures are harder to use, and people tend to use Google Docs less than the shared network folders when Word existed.

I don't think dealing with files made people any more computer literate, nor is understanding the folder/file UI abstraction any more of a badge of tech literacy than understanding what "pull to refresh" might do on an iPhone.

We like to overdramatize the importance of computer literacy because we take it for granted that computers are our livelihood, not some principled quest of self-betterment to understand the world.

We're like a group of mechanics finishing each other's sentences over how everyone should know how a carburetor works, and then circlejerking over how we "failed the people" with the move to power steering. And don't even get us started on how push-button ignition set the public's car literacy back 100 years from the golden age of turning a key to really understand the inner workings of locomotion.

We failed by no longer giving anyone the ability or even the right to understand their tools. A computer is just a tool to get things done. It's perfectly reasonable that to a lot of people, it will remain this black box of magic they'll never understand. But now it's a black box to everyone, including non-technical people who cared enough to know more about their tools even if they weren't their primary interest.

It feels to me that tech will eventually hit a point where there's only two ways to interact with it. Either you're a "typical user" who has a glass orb you speak into and pray that it does what you ask without shattering to prevent tinkering, or you're a programmer who gets a command line and that's it.

Kids aren’t any more computer literate. Computers (ahem... phones) have just gotten way easier to use
> The number of users who have actually grown up with URLs in their childhood increases all the time.

Where do kids growing up with iPads even see a URL?

You’d be shocked how bad they even are at using a physical keyboard and trackpad in 2020

Growing up with computers as a new thing that most adults didn't understand, the majority of people who understood them were children. I also thought that as computers were everywhere, children after me would all understand them, but that didn't happen.

With ubiquitous computing, the ratio of children who understand to children who don't is a little higher than when I grew up, but not that much. Clearly, some children grew up with me who were willing didn't get the skills because they had no access, but lots of kids are either need directed instruction to attain technical literacy, or are unwilling or incapable of attaining it.

Seems unlikely, considering they're also pushing for signed exchange (SGX) which also does the same thing.
I encourage everyone to use Firefox on Android just for the one killer feature of being able to install the full desktop ublock origin plugin.
With Firefox axing the entire Servo team along with a bunch of other technical people, I am very afraid for its future in terms of technical development. Especially for the macOS version, that so far has always been the red-headed stepchild.

It’s got me in quite a pickle since the only alternative that is privacy friendly and cross platform (macOS, Linux, iOS, Android) is Brave, and Brave, despite good or at least decent intentions, has done some questionable things.

The way to guarantee a future without an alternative browser is to not use an alternative browser.
I hear you, but simultaneously everyone (including me) has a certain limit to which they will be principled. If it happens like I mentioned, I will jump ship. On macOS, Firefox still guzzles battery compared to Chromium browsers. This seemed like a thing that, whilst not fixed, was actively being worked on. If I had to hazard a guess, that will slip heavily in priority now.
Who knows. The best way to vote is to be an active user of the product and give feedback that power use should be a priority.
Servo wasn't even the main engine.

Considering their main revenue sources will likely be decimated, it makes sense to focus resources on the primary browser engine, and allow the open source community to build out the experimental features, moving temporary resources there as needed.

The thing with Open Source is that even if Mozilla Corp goes under, all of us can continue building out Firefox like a regular open source project. Or the Linux foundation could pick it up, etc.

That's literally how Firefox was created in the first place, as an open source continuation of the Netscape browser.

Using Firefox will lead to improvements that will persist even beyond Mozilla Corp. In the meanwhile, Mozilla Corp can be looked at as an experiment to commercially and profitably develop Firefox, which, if it fails, will require us to switch to the non commercial models that are driving several other open source projects.

I tried. Tab switching was - for me - horrible compared to Chrome (chrome:swipe down, swipe address bar down, select tab you want from carousel).

I kept looking if i missed this obvious feature. I tried to live without it, but Firefox mobile's tab switching just turned out to be a deal breaker for me.

If anyone had some tips: please!! I'd vastly prefer using FF on mobile.

This has been reworked in https://play.google.com/store/apps/details?id=org.mozilla.fi.... The URL bar is now at the bottom of the screen, including the tab switch button which is now always within reach of your thumb.

On the other hand, I didn't have a problem with tapping the tab select button in the non-beta app, where it's in exactly the same position as it is in Chrome...

Oh how I hate the new Firefox experience on Android. I'll still use it because hey it's Firefox, but it's really eating me up...</digression>
The position is configurable. There is a setting that will allow you to move it back where it "belongs".
Good point, address bar on the bottom may not even be the default. I think it makes great sense though. Looking forward to the current Firefox Beat replacing the main Firefox app so I can free up a lot of space on my phone... :)
URL bar on the bottom sounds amazing :) I'm all in favor of moving all toolbars, search fields, any sort of interactive controls to the bottom on mobile interfaces. So much easier than having to reach to the top of the screen at random, even if it isn't always thumbable.
Tab switching on Firefox Nightly is much better as of a week or so ago. You can now swipe left and right on the address bar to go between tabs, just like in Chrome. It's particularly nice when the address bar is on the bottom.
Cool. Long time firefox user here and that was a useful discovery for me
Thanks! That convinces me to give it a shot.
This is the problem with the whole industry right now.

How Google win - and they do it with many of their products - is that they bother to make their products just superior enough to the competition, that you basically have no choice but to use their product, unless you want a deliberately inferior experience.

It's not just Chrome vs. Firefox, which I'm very sad about. Another big example for me is on my iPhone. Google's GBoard is simply superior to anything else I've ever tried, and yet I know it's spying on absolutely everything I'm typing on the device (pre-encryption), at all times, and it even bullies me into staying online if I want the keyboard to work fully properly. (It's slower and the prediction stuff doesn't work half as well if I'm in flight mode for whatever reason.)

Yes!! When I see other people browsing on Android without uBlock I'm in awe of their patience.
With Blockada, you can block lots of stuff at the DNS level, so it's more tolerable. But it doesn't block everything, uBlock is smarter. Still I keep it running, it's especially great for all the other apps trying to talk to ad or analytics servers. (I'd actually like to combine Blockada and NoRoot Firewall though...)

I use an old phone (until Librem ships...) and I switch back and forth between Chrome Beta and Firefox... they each piss me off. Firefox is slow, I've tried the newer fenix system and it's not really better, plus it crashes a lot. Especially on sites like mobile twitter, probably in part because of the overhead of uBlock having to fix up the DOM; essentially the crash is a failure in handling a system out of memory error in a low level part of the graphics stack that mobile chrome had a long time ago too but managed to fix years ago. Recently chrome pissed me off more because when I tried to take a screenshot of a tweet with a funny google translation, chrome+android colluded to block it because of some issue like "the display contains protected DRM content." Firefox, no issue, apart from crashing 10 minutes later. At least I haven't lost my tabs to a Firefox crash (mobile or PC) for many, many years.

Have you ever tried installing Bromite or vanilla Chromium from F-Droid?

I imagine they'd address at least some of your qualms with Chrome.

when you have blokada, ublock doesn't make much sense.

why block ads on a browser when you can do it on a system-wide level.

unless you need the vpn connection for work or something like that.

uBlock Origin can block a lot more things than a DNS-based blocker can. Some websites load ads from the same domains they load content from.
The recent mobile Firefox is worse in every way that matters to me:

  ° Breaking recent add-ons (for the few add-ons that exist). I added a close-tab icon to compensate for the bad tab-ui. It's gone now.
  ° URL-bar hiding is wonkey. Some overlays disable hiding due to recent phising attacks. Now, for overlays, it is always present and hides the bottom of the page. This is very annoying when links are hidden behind the bar.
  ° URL bar (2): where have my bookmarks gone?
  ° URL bar (3): no more editing the URL if anything was *ever* searched in the current tab. Instead it edits the search. The URL is inaccessible. 
  ° After 'Open in new tab' there is an annoying delay for 'Switch' again hiding links.
  ° Tab selection is just bad now. Preview is broken. If anything is displayed, it is often the image of two sites ago, even if the page has rendered.
  ° Tab selection (2) no more moving the tabs?
  ° Tab selection (3) why waste so much space? Using only 80% of the screen. And every tab wastes two lines and a half of useful space. Why is only the domain shown? Why not truncated or cut in the middle? 
  ° Tab selection (4): newly opened tabs are hidden, you always have to scroll up as the current tab is always first, older tabs are lower.
  ° about:config is broken. Certificate error. Certificate error is broken too. Thus no disabling reader mode.
These are papercuts, every day, every time I use Firefox. /rant
On the other hand, Chrome for Android killing off Duet a few weeks ago has made it actively painful every time I need to switch tabs.
Specifically how does this change benefit Google?

The security problems that it addresses are very concrete and specific. I can clearly see how this change helps novice users.

How does this change benefit Google? It seems very hand-wavy.

Edit: downvotes, but no explanation of any specific benefit to Google from this change

(comment deleted)
(comment deleted)
It's been explained elsewhere in the thread.
Link? I can't find anyone to actually explain how truncating the URL actually benefits Google's business. Comparisons to AOL are very hand-wavy.
I don't think this is true at all. If anything, this change actually hurts AMP because now none of the original host url is visible at first.

I don't like browsers that do this, its the first thing I turn off in Safari, but how does Apple manage to get away hiding the full path under positive intent, but when Google does it its because they're evil?

I think it's pretty fair to say that the wider population of users aren't very good at determining which part of the URL is the authority, so any change to help with that can only be positive imho.

> I don't like browsers that do this, its the first thing I turn off in Safari, but how does Apple manage to get away hiding the full path under positive intent, but when Google does it its because they're evil?

I don’t like it either, but I assume the difference arises from the fact that Google would benefit from deemphasizing the URL and has done work already in faking it, while Apple probably does it because it looks clean and it thinks its users will be tricked by apple.com.help-virus-14682825821&824826.

If that conspiracy theory is true, what reason does Apple have to do this exact same thing on iOS Safari?
A good anti-trust investigation and subsequent break up of the company should fix this problem.
agreed 100%

Google revenue is slowly going down

Only option for Google is to pretend Internet doesn't exist

Anyone who is using Adwords or doing Search Engine Optimization

look at what results look like

It's 50% to 70% traffic being routed to Google

remaining being routed mostly to people who pay a lot to Adwords

*

It's almost purely Pay to Play now in most of the lucrative areas

Yep. The Internet is now "The Google."
Reason number 368 why I've moved everything to Safari + DuckDuckGo. I still can't believe they won the suit with Genius and being caught poaching their content for their own representation
You can also use an ad blocking DNS, it's been working great for me
For now I'm quite happy to have finally switched to Firefox a few months ago.

If Firefox disappeared though, as it seems it might, that would be horribly frustrating.

Firefox/Mozilla is largely funded with the search deal which is usually paid by Google.

Google has a vested interest in Firefox staying alive for competitive/monopoly reasons, especially now that IE is official a Chrome skin.

e.g. https://www.forbes.com/sites/barrycollins/2020/08/13/mozilla...

Wasn't the last days' layoffs direct consequence of that deal expiring later this year?
Nobody knows, since we dont know if the deal will renew
> our source told us Moz will likely pocket $400m to $450m a year between now and 2023 from the arrangement

Why in hell did they lay off MDN, Rust/Servo and Dev Tools teams?

Maybe because they wouldn’t have gotten the deal renewed otherwise?
How does firing some of their brilliant tech staff helps them renew a deal to keep Google as default search on Firefox?
The theory is that Google might have required this of Mozilla as part of the deal, either officially or unofficially.
That's straight up on the ridiculous conspiracy theory field though.
It’s certainly a conspiracy theory, and I’d call it unlikely, but I wouldn’t go so far as to call it ridiculous. Much worse things have been known to happen in business.
IIRC the supposed "burden" of lowering Cxx suite salaries played a non-insignificant role.
Shouldn't they keep Rust with a goal of lowering dependence on Cxx in general?
And for those of us who still compile ff from source and remove/add things as we please, we'll have to see people moan about something they always had and will continue to have control over, but long ago rationalized away seeking comfort in the chaining of their minds to things/ideas that are foremost in the best interest of others and not themselves.

/me shrugs

If you have such complete control over your applications, why do you have to see anything you displease? Just add a filter to your Firefox that removes such complaints before they are displayed.
Well, I have to make a living catering to people (on mostly my terms and my time frame) complaining about things they have no intention of trying to do anything else about… seeing the complaints and lack of solutions adopted is a good sign for a captive market :P
> “Showing the full URL may detract from the parts of the URL that are more important to making a security decision on a webpage," Chromium software engineer Livvie Lin said in a design document earlier this year.

I’m a software engineer, too, but I would never make such an important UX decision because I know that is not my area of expertise.

I hope they’ve gotten significant user feedback on this before rolling it out.

Personally, I hate it.

It's Nanny State rationale at best, or cynical condescension -- I hate it, too. I switched from chrome back to firefox a year ago, with no loss of anything.
I wonder if Livvie Lin and other Google engineers read such HN threads. What might be their internal discussions, I wonder.

How do they justify such design decisions? Are they asked by someone else to figure out how to make such wierd things happen as they just do as ordered?

"Asked by marketing" or something like that.

Fucking suits spoil everything. Engineers are in general, more ethical than suits.

Yes, marketing was obsessed with the URL bar all this while.
Wrong logic. Marketing didn't see the opportunity to mislead people till now.

Although in this case, it can be all about further abstracting the URL detail from end user, as I mentioned in another comment.

You are delusional and clearly have no idea about how the Chrome team works.
When the final version is implemented in a couple of years you will no longer see any URL, that way it won't be as evident that most sites on the web will be loaded from Google.

Google is also attacking this issue from a different perspective with Signed Exchanges [1][2], to fake the URL and ensure their success in becoming the gatekeepers of the internet.

If you refuse to become a content provider for Google's vision of the web, then they currently won't feature you at the top of search results in the Top Stories carousel, and perhaps demote you entirely from the first page in the future, depending on how their hijacking strategy works out.

[1] https://news.ycombinator.com/item?id=19678693

[2] https://www.iab.org/wp-content/IAB-uploads/2019/06/mozilla.p...

Yeah the endgame would involve a play-store like 30% cut of any revenue, subscription, ads, anything. 30% cut from non-Google ad network revenue as well. At that point publishers won't have a choice any more because of the Chrome and Google search monopolies.
By that time it will be warranted to limit user freedom on the web to make security and privacy accessible for everyone, just like Apple does today on their devices. The scary open web and the meaning of a general purpose computing device will be easily forgotten.
I think the easier version of that is AMP gets favored and AMP only serves Google ads. I never really thought of that being the endgame, but it makes a lot of sense now that you say it.
If the webshits didn't bloat the web like this, AMP wouldn't have happened.

"But all hipsters I know have latest macbook pro" has been the standard answer from all of them.

Lean websites are NOT featured in the Top Stories carousel, only AMP websites, so this is not primarily about page speed. If page speed would be the main reason for AMP, they'd simply continue to demote websites that have poor performance in search results, and they'd curtail the main bloat from sites in Chrome, ads and trackers.

But I agree that Google has used this talking point successfully so far to bully publishers into giving up autonomy on their websites in exchange for being featured in top results, even when these sites have a great score on PageSpeed Insights.

Google plans to change that as part of it's current focus on Core Web Vitals and non-AMP sites will be eligible to be in the Top Stories carousel if they're fast enough
That's interesting, here's [1] an overview of Web Vitals. Do you have a source for Google's timeline to enable this for Top Stories?

[1] https://web.dev/vitals/

I don't remember the source but I've heard 2021.
Google rewards developers who use AMP with better search positioning than even a plain HTML page
Yeah. But AMP was an initiative for speeding up the web.
AMP has done nothing for speeding up the web in general; in fact I know web properties that implemented AMP instead of focusing on core speed issues with their main site.

It's also notable that AMP projects almost always originate in an SEO strategy, not engineering.

Google was on the right track by including side speed as a signal in ranking. From Google's perspective, that became problematic because it started disproportionately punishing sites that run lots of ads... AKA some of Google's most important customers. AMP is a site speed initiative that is more compatible with Google's corporate strategy.

Yes. But AMP wouldn't have had much value if sites were fast enough, Google used that as an excuse or maybe a genuine strategy turned into a lock-in plan.

The hipster macbook pro webshit who doesn't know what O(n) means, and the jobsworth drone manager who couldn't see beyond quarterly profits don't have any rights to cry about AMP now. People like AMP pages as evident from many discussions, because they feel faster than the rest of the web.

It is trivial to figure out whether a page makes 0 additional network requests and has no script tags and is small.
Almost every AMP page I went to felt slower than when I went to the real page behind it.

I think a significant portion of that was that AMP wants everything rendered in a single paint. As opposed to the typical news site which shows the article for a while, then later hides it when the javascript had time to run. Seeing an article while the page finishes loading feels a lot faster than seeing a white screen until the page finishes loading, even if the content moving around on the first one is annoying.

(comment deleted)
> to fake the URL and ensure their success in becoming the gatekeepers of the internet.

They should just buy Cloudflare

I wonder how bookmarking and auto-complete work with signed exchanges. I don't think they could ever remove the URL completely because it conflicts with their extortion scheme for AdWords where they'll sell your trademarked words to the highest bidder.

What happens if Chrome shows no URL and Google sells the AdWord for your bank's name to a malicious actor? That's a huge liability can of worms IMO.

I'm not sure the signed exchanges are all bad either. I'd rather have visitors seeing example.com than example.google.com/amp/ or google.com/amp/example.com. Isn't it better for your brand to be in the URL and bookmarks / auto-complete to go to your domain (assuming it works like that)?

I'm not convinced the whole web identity push is 100% bad. I don't trust Google, but as a general concept I think there's some technical merit in the idea.

I still haven't found a good answer why they do this. "Makes it harder to tell if the current site is legitimate" sounds like an excuse. If you are the perfect target for a phishing attack (= clicks on everything, enters passwords everywhere, has no clue about host names) then you also won't be able to understand what Chrome presents you in the address bar after obfuscation.

My best explanation so far is that the Chrome team doesn't know how to improve their browser anymore so they just make up work to keep the software engineers busy.

Trying hard not to sound like a conspiracy theorist. However, it's pretty obvious this benefits a walled garden strategy. With things like AMP, "rich snippets", etc, they keep eyeballs on Google owned properties longer. Slowly deprecating urls over time makes it less visually apparent.

AOL was able to sell "keywords" this way, because it wasn't always obvious to their users how to get to the real internet.

It's not a wacky far-out conspiracy theory to notice that Google is attempting to dominate the internet. It's a serious problem that we need to do something about before it's too late.
It is, however, a wacky far-out conspiracy theory to claim that Google is developing this feature for the purpose of internet domination.

The given purpose is phishing prevention, which is the same reason why this exact feature has been part of Safari for years yet no one pointed out that it was a nefarious attempt by Apple to takeover the web and further their walled garden.

> It is, however, a wacky far-out conspiracy theory to claim that Google is developing this feature for the purpose of internet domination.

No, it's not. Are you aware that Google is mangling AMP URLs to make them look like original URLs and hide the fact that they are hosted by Google?

Which has nothing to do with the feature discussed in this thread, which is to hide non-domain parts of the URL.

What you're referring to is the Signed Exchanges proposal.

Splitting up your plan into discrete parts that seem relatively inert on their own isn't a new thing. ANFO is a good example.

And it's pretty easy to do this in a way that front line and low level MGMT Googlers wouldn't know.

The AMP lead, for example, has posted here, and seems credible and very competent for his own intentions. I'm not convinced he's totally aware of the intentions of his leadership chain.

You're literally describing a conspiracy theory and dubiously speculating on malicious intentions. That's my point.

I'm saying that it's a wacky conspiracy theory that Google is hiding the non-domain parts of the URL to dominate the internet, and you come back with:

What if Google leadership was conspiring in such a secret, surreptitious way that middle management and possibly even the AMP lead doesn't know what's going on? What if this is just a small part of some grand plan?!

Is the treachery of domain-only URLs so deep that even Apple didn't realize they were carrying out pieces of Google's ultimate plan?

Fair enough, yes, that's a bit sensationalized version of what I said. And, despite being a generally rational person, I don't find it far fetched.
I think the justification is that some people will think the website is legitimate if a legit hostname appears anywhere in the URL e.g.

http://scamsite.com/microsoft.com/phish

"looks" legit because it contains the string "microsoft.com" (and most "regular" users won't appreciate the different parts of a URL); under the new scheme, that would display only as "scamsite.com" and hopefully people are less likely to enter their microsoft username/password if "microsoft.com" doesn't appear anywhere in the address bar.

I'm not overly convinced of this personally, but I think that's the supposed idea behind it.

I think microsoft.scamsite.com would fool most of the people that scamsite.com/microsoft would. It's a very difficult problem. Can't we have something like certificates for domains, so we can at least trust the most potentially vulnerable cases?
If EV certificates were good they'd be great for showing alongside the URL, but they're both expensive for most (used to be $100/yr if you go for the cheapest vendor, now heavily discounted since the URL bar change made it lose value) and the legal entity verification doesn't work in a sense that company names aren't unique[0].

0: https://news.ycombinator.com/item?id=15904513

They (EV certificates) also don't do as much as you probably think they do. Or, I suppose, seen from a different angle, the actual dnsName matching does a lot more than you realise.

When you visit news.ycombinator.com obviously the browser confirms that the certificate presented is for news.ycombinator.com and not anything else. Because the machine does dnsName matches and machines are fast, it happens prior to every single transaction as necessary. In contrast EV information like company name can only be checked by a human, slowly, after a transaction already completed.

Suppose I hit this "reply" button to post this, but bad guys have just at that moment intercepted my network connection. The browser connects to news.ycombinator.com and... their certificate either isn't trustworthy or isn't for news.ycombinator.com and so this text is never sent to the bad guys at all.

But EV certificate details are only useful retrospectively. The browser can tell me after the fact that it posted the response to "Phishing Corp. Ha Ha Ha We've Got Your Data Now" but it doesn't actually know that's the wrong place so it won't abort the transaction.

For this and other reasons the entire EV design doesn't really "work" from a security point of view, and wasn't ever really intended to. It's a marketing idea, not a security idea.

One could hide the subdomain too (yes, I know there are cases where you have a different trust relationship depending on subdomain - but these are rare).
Firefox's approach actually doesn't have this issue, it highlights only the actual domain. So for microsoft.scamsite.com, scamsite.com would be highlighted, and the rest in a darker gray.
In my experience companies are pretty bad at always using their own domain even for legitimate things. I suspect it is because getting IT to do something like setting up a subdomain in any company I've worked in is virtually impossible, whereas buying a new domain is easy.

So I think most users wouldn't think something like `microsoft-it-support.com` would be suspicious.

Yeah, this is very annoying. It's not every company, but it's enough different companies to be a problem.

PayPal (a company that more or less constantly moans about phishing) operated www.paypal-special.com which is a tremendously phishy-looking name, but it was a real PayPal site until they shut it down.

One nice side effect of WebAuthn binding credentials to a dnsName is that you can't change domain names without trashing all the credentials. It's mechanically impossible. So when yet another marketing genius wants customers to go to some-daft-marketing-idea.example instead of your-actual-website.example they can put fluff on that site if they want, but any sign-in or other credentials stuff will need to happen on your-actual-website.example anyway.

This is a huge problem in government from what I've seen. In Canada, every province code has a longstanding two character .ca domain I think they all have a 'gov' 3rd level domain. For example, in Saskatchewan we have gov.sk.ca. However, instead of using that namespace, some departments go and register domains that look like phishing URLs. How about ehealthsask.ca for everyone in Saskatchewan to access digital health records instead of ehealth.gov.sk.ca? Yep, that's a thing.

It's pure idiocy. Instead of teaching the public that *.gov.sk.ca is a trustworthy, government run namespace everyone has their own domains and the general public is left to guess what's legitimate and what's phishing. Good luck with that.

And they all buy overpriced SSL certificates.

From an advertising perspective if the cost to serve amp is less than ad revenue, this makes perfect sense. Every click on google goes to google, and you’ll like it too bc you won’t have a choice.
> “Makes it harder to tell if the current site is legitimate" sounds like an excuse.

Why? To me, having helped elderly relatives with computers a lot, it is very plausible. Phishing URLs use all sorts of subdomain and querystring tricks to fool users, and it can work.

As someone noted, not only that. But you won't see on which subreddit you are at for example. That's quite annoying.
Well it does make the host domain clearer which could making phishing attempts harder.

But it must be weird when navigating around a website, while the url remains static... ugh creepy

I was just thinking about this the other day: at the same time, they keep adding weird, inscrutable nonsense at the end of every Google Search URL, so what's the point of hiding the protocols and www and whatnot?
I will from now on consider Chrome as a malware.
Vote with your choices (use a different browser). That's the only way to address such behaviour. Yes, I know the 95% out there who don't even know what a browser is but only know Chrome's icon gives access to the web won't understand any of this and they will continue giving mega-corporations a critical mass of unquestioning users to be used, but we have no other options.

We either express our voices, no matter if they're fringe (and hope it catches on) or we can just give up and not even write these articles any more.

> Vote with your choices (use a different browser).

You almost don't even have to. Microsoft's Edge is basically a rebranded Chrome with all of the Google stuff stripped out. You can keep using the same extensions, etc.

> Yes, I know the 95% out there who don't even know what a browser is but only know Chrome's icon gives access to the web won't understand any of this

I find it fascinating how some people in tech bubbles think everyone else is a stupid sheep who can't possibly understand such incredibly complex concepts like what a "browser" is.

Depends. I have seen a lot of people who don't understand such things. And I have seen teachers who think using a different editor to write a program might affect output.
This expectation probably comes from seeing how even Word->Word can break things. It's reasonable to try and develop a heuristic from that.
> I have seen teachers who think using a different editor to write a program might affect output.

Isn't this fairly common for Notepad for windows though? Weirdness and unexpected output due to ansi encoding rather than utf-8 IIRC - it may be fixed now, but i vaguely remember something about this

People think the screen is the computer.

People think Google is the web.

People think the search engine is the browser.

More or less this is true. I encountered even web devs who thought it was unimaginable to change browser. Because extensions, because differences in css and so on. IE8 PTSD. For common user largest tragedy is lost of opened tabs. I seen this over and over again. So many people think there's no such thing like bookmarks and they keep their tabs open until OS crush or something.
I've met very intelligent people who have zero understanding of computers: they have been trained to click certain icons to be able to reach google for a search. I'd be interested in data supporting either more or less fluency than we might expect - but you wont be able to do an online survey to get it :)
> I've met very intelligent people who have zero understanding of computers

I'm curious - how do you reconcile thinking they're very intelligent with thinking that they're utterly unable to grasp the basic concepts of computing?

And that, precisely, is my point: as an industry we'd rather tell ourselves that it's all so impossibly hard and beyond the grasp of the common person rather than admit that we just suck at explaining things and educating people outside our bubbles.

just because someone is good at one thing does not mean they are good at (or care to be good at) another thing. Can most people be educated on $BASIC_SUBJECT? For the most part, yes. Are they interested in doing so? In many cases, no.

Some examples off the top of my head:

A teacher I worked with who previously owned his own business literally thought the screen/monitor of a computer could watch him. Even after going over how computers work, he looked shifty at his computer. He was unconvinced.

A teacher I worked with could not, after multiple sessions of helping her, understand how to sort outlook mail.

A former boss (owned his own business, made great money, very smart) double clicked _everything_, even when single click would work. Was not interested in changing.

A doctor friend using his patient software - if anything went off script, he had to call in someone else to get him back to a known point.

A former math professor neighbor needed to regularly send out mailers. I helped him set up the most simple solution I could come up with for printing the mailing labels. "Here, open the internet, go to this site, log in, and click the save link. Open this other program, import that data. Load your printer and press print." He needed help. Every. Single. Time. While he said he understands that he pays AOL for internet, he said he does not know what that means (this was like 5 years ago, still using AOL?!). Tried to probe his knowledge and help fill gaps. Never happened. If his internet browser icon moved, he could not get on the internet.

I'm a reasonably smart guy. Don't ask me to fix your car. Or paint. I'll make a mess. Also, basic medical/biology goes in one ear and out the other.

My best friend (granted this was back in high school) could not spell "girl" (literally, "hey, how do you spell girl? Uh, girle?") or solve two step algebra equations. But he could rebuild an engine and identify the type of aircraft flying overhead by the sound the engine made. Mechanical genius. Fast forward a few years, and he found out he really likes geology. Suddenly, he is able to write coherent essays and solve advanced chemistry equations. Amazing what _interest_ in something can do.

Any reasonably intelligent person can be taught a lot as long as they are interested. Many people are just not interested in learning new things, especially when it comes to computers.

Now, on the complete flip side, a service clerk I was talking to two days ago likes to scan in 3d wood models, clean them up in vector based image software, move the files to autocad, and use a laser cutter to make the same models out of metal, and uses an older version of Premier to edit drone footage he captures. My mom figured out on her own how to spoof her user agent to access media that was not supposed to be available to her - but still thinks I hacked her phone via an old computer tower of hers that I was unable to fix.

> I'm curious - how do you reconcile thinking they're very intelligent with thinking that they're utterly unable to grasp the basic concepts of computing?

Understanding computer systems requires both cultural and institutional knowledge. Not all intelligent people possess this knowledge. My grandpa is a great example. He’s a retired English professor and has deep knowledge of literature and the structure of English language. He’s still incredibly sharp but he cant use a computer to same his damn life.

> as an industry we'd rather tell ourselves that it's all so impossibly hard and beyond the grasp of the common person rather than admit that we just suck at explaining things and educating people outside our bubbles.

Using computers is very hard. I think you are underestimating the amount of time you and others have spent learning “basic” computer skills (email, word processing, web browsing, etc) that many haven’t had the time or opportunity build. I started learning how to use a computer when I was a little kid, maybe 5. over the course of my childhood I built up those skills to the point where they endemic and felt simple, even natural. These things take time and purpose and many very smart people do not get the opportunity or reason to build these skills

I spent 6 months tutoring senior citizens on how to use computers (specifically it was word processing).

Believe me... some of the gaps in knowledge are alot wider than you'd imagine. None of them even knew what I meant when I mentioned the "URL bar". These are people who had previously used the web to search, pay bills, etc. To them, "the internet" was the entire computer, and had no concept that the browser was a distinct entity within it.

You're 100% right this is teachable but it is important not to understate the size of the canyon.

I’m gonna go out on a limb here and say this might actually be a good thing for people who are looking for domains.

But also a great thing for google as they are going to reinforce searching instead of typing in a domain.

Jake Archibald (a Googler) presents some decent points on this on the HTTP 203 podcast: https://youtu.be/0-wB1VY3Nrc

I still don't agree with the removal of URLs, but I do still recommend watching the entire video if you want to get more perspective on the issue (beyond just the conspiracy theories about AMP and control).

This is why we should jump over to Firefox. Today! And by us I mean we who know that this is a bad idea. Mozilla is suffering and this is our last chance to not let Google and chrome have total dominance over the web. Mozilla copies Chrome a lot, but they need more market share to be able to get a say here and take the point of us power users.

I have been using and contributed to Firefox for years, and it is a great browser!

Come on, we know better! Use Firefox or watch Google destroy the open web. It's up to us!

Mozilla has flaws, yes, but this is important! That technical users continue to use Chrome is beyond me.

Google renewed their deal [1] and Mozilla is still going to get 400-450mil per year until 2023 at least. Yet they gutted firefox servo, devtools and MDN teams.

Using Firefox from now on is just feeding the troll called Mozilla management. We need to seek another open source privacy oriented browser or have a serious foundation like Apache fork Firefox.

[1] https://www.theregister.com/2020/08/14/mozilla_google_search...

Pushing Google one step closer to becoming Alphabet's AOL. Instagram and friends must be stealing quite some traffic and ad revenue.
Wow - top posts are conspiracy theories. "The only reason to do this..." "This is a security issue..."

Google has millions / billions of users. From a security standpoint the focus should be entirely on the root domain, that is the only really meaningful root of trust.

If you are talking about a security issue - the KEY security issue is ANY lack of clarity around root domain.

"Showing the full URL may detract from the parts of the URL that are more important to making a security decision on a webpage." is a statement they have around this change.

I think I agree - I suspect other browsers will have to copy chrome (again) in de-emphasizing the leading URL (often used for fishing).

Folks seem to miss the fact that google chrome was a minor competitor initially it IE - and their focus on things like ... security ... helped them become absolutely dominant. A fair number of enterprises have (finally) started slow slow switch to mandating chrome.

at what point is not any longer? Once the URL bar has gone?!
> their focus on things like ... security ... helped them become absolutely dominant

I don't think Chrome's security features had anything to do with its ascension. Chrome took off because it was fast and had a good UI (iirc it had the ability to drag a tab from one window to another, a while before other browsers did).

The average user knows nothing of the security features of their browser.

Also you couldn’t use google search in a different browser without constantly getting harassed to install chrome
Chrome took off because Google leveraged their position in another area (search engine) in order to push it. Exactly what people were concerned about with Microsoft and Windows/IE.
That's not the whole story. Plenty of people moved from Firefox to Chrome, because they found Chrome to be the better browser.
Even Microsoft thought that with Edge.
I think Microsoft at the time probably thought it's own engine was also better in many ways. It was in several regarding power efficiency and things like pen/pdf support.

Reason Chromium was chosen was more because they already had a bunch of developer experience with the engine.

That and more importantly it would cause Google to lose some control over Chrome and the web. Now Google can't exactly do further anti-competitor shenanigans like the whole shadowDOM fiasco and youtube. In this case adding random features to chrome, implementing them and causing other browsers to have a bad experience.

That and because edge is as fast as chrome (if not faster), there is less of an incentive to switch to chrome.

Oh and Microsoft is one of the few companies to be able to maintain a hostile fork of chrome and have it competitive. Largely because they have enough resources to match google for Chromium.

This is one of those cases where Microsoft can subtly claw back marketshare by playing the strength of chromium against Google. They wouldn't be able to do the same at all with Gecko/Firefox.

It did in a domain I'm familiar with.

I think they were the first to have separate processes for tabs (?) which you could really see add robustness - when flash could blow up your session etc you could much more easily close out the offending tab.

They were stricter and more prompt in blocking things like activex controls, they'd remove features tabs would use to try to take control of your session or confuse you. All these enhanced security and usability.

There's no disagreement here. Chrome brought lots of good security enhancements, and raised the bar for other browsers, but security isn't the reason people made the switch.

Yes, Chrome was the first to do process-isolation. As for ActiveX, I believe that's generally only available through Internet Explorer (not Edge), I don't think Chrome ever supported it. [0]

[0] https://en.wikipedia.org/wiki/ActiveX#ActiveX_in_non-Interne...

The degree to which HN is obsessed with AMP is hilarious at times. You'd think every single one of the 100k engineers that work there do nothing but dream up ways to trick people into using AMP for some secret illuminati end goal.

If you don't like AMP, that's fine. If you don't like this UX change that's fine too (and I suspect will be easily fixed with an extension). But maybe consider for a moment that not every single UX change to a product with a billion users is part of the vast AMPiracy.

I'm all for balanced debate, but strawmanning doesn't help anyone.
How this this a straw man? Parent is just agreeing with gp that a lot of HN users are obsessed with AMP and it’s supposed evils

Disclaimer: googler opinions are my own

Nobody is claiming the following ridiculous statements:

> every single one of the 100k engineers that work there do nothing but dream up ways to trick people into using AMP for some secret illuminati end goal.

> every single UX change to a product with a billion users is part of the vast AMPiracy.

First of all, parent is not arguing with anyone, they are building on gp’s comment.

Parent is using hyperbole as a rhetorical tool to make a point, not to distort or discredit a particular persons statements

You say this as if those engineers (and it's not 100,000) are all voting in a democratic decision-making process on feature direction. It's a very small number of senior leaders who make these calls.

Remember, Sundar used to be in charge of the Google Toolbar. That was his claim to fame inside of Google before Chrome.

My first thought when reading this was relief... For my mother.

I've spent most of my adult life trying to teach my parents to look at the address bar to make sure they're on bankofamerica.com and not some random phishing domain. That kind of falls apart though when it's... bankofamerica.comm.phishingdom.com/{random filler}/bankofamerica/user/login

HN users are fantastic at thinking all technologies should revolve around their niche use case.

It looks like non-trivial subdomains will still appear and those seem to me to be the most problematic.
The root domain is highlighted in FF. This must be enough for visual testing.

If you want a more reliable approach then you need to work with a whitelist and clear warnings.

I wouldn't assert it without strong evidence. This URL comprehension problem is probably more complex than what people usually think. There are a number of studies about this issue, if you're interested.

https://storage.googleapis.com/pub-tools-public-publication-... https://kumarde.com/papers/urls.pdf

Thank you for those! Side question:

I don't have a formal education in CS, but I really enjoy reading papers on programming (languages), architecture, data-engineering and web related things among others, especially when they have a practical focus/impact.

Is there a good way for me to find or rather discover resources like these?

Not sure about filtering for practical focus/impact but https://arxiv.org/ is an amazingly useful and informative repository of papers that you might like. Also google scholar is good, but more general.
> The root domain is highlighted in FF. This must be enough for visual testing.

I've been using Firefox for years and never realized this. Looking up at the top of my browser, I can see that "ycombinator.com" is highlighted and the rest of the URL is a darker grey. To me, this seems like a good compromise; you still get the full URL but the important parts stand out a bit more.

Exactly - also if you do any penetration testing of your staff side - the key to get something through is have the name of the company it seems anywhere in the URL. Literally - lkjljkdfskjfsd.com/bankofamerica/securelogin.do etc.

Part of the issue I've noticed is some sites actually do outsource things to other sites (microsoft has a lot of redirects on logins so you used to end up on passport.com I think to login, and then to something with azure, then office... etc). Combine this with subdomains and trailing urls and internationalization efforts and you are in trouble.

This must be just because of how we scan / read things? Ie, a quick cross check. A lot of people maybe don't parse all the elements properly (,.:?& etc).

The other issue - let's say just 2-5% of chrome users are confused. That still is a HUGE number that are confused.

> conspiracy theories

2007 called. They want their deflection back.

> Folks seem to miss the fact that google chrome was a minor competitor initially it IE - and their focus on things like ... security ... helped them become absolutely dominant.

Security is a very small factor, if a factor at all, for Chrome to have become dominant. The main reason is because they keep/kept pushing everyone to install Chrome when you visited https://google.com (by showing you a small popup window).

Do you have evidence?

Because I remember trying Chrome and immediately switching because it was miles ahead. So did my friends. It was faster and had slicker UI.

Nobody keeps using a shittier browser no matter how many times you shove it on their faces.

Btw Chrome is still faster than Firefox for stuff that matters and often by a considerable amount:

https://www.phoronix.com/scan.php?page=article&item=chrome83...

I don't really have any evidence (hopefully Google will be required to release that evidence in a monopoly probe) besides what I recall from advertising but security certainly doesn't seem to be the primary factor. Speed certainly brought in a lot of users, but by the time Firefox caught up, I am not sure what the market share was (at first there was a huge difference in performance, I don't think that today's difference in performance is comparable).
By the way, where is the evidence for your claims that a small change in performance equals large market share?
Microsoft had IE as the DEFAULT - and did plenty of pushing itself.

Across almost all dimensions chrome was better when it came out - people seem to forget how horrible browsers were historically (and how easily abused). I know ages ago of an entity that just got tired of dealing with the problems folks caused not using chrome (whether it was chrome's website blacklists or whatever - folks using chrome were less likely to get ransomeware - period). Literally - EVERY install of crap seemed to be coming from IE users, except one case I know of where someone had a chrome extension change hands and go rouge.

Domains are only a meaningful root of trust if they're tightly controlled by a small set of people. A piece of content being on 'news.ycombinator.com' or 'github.com' literally tells me nothing about how trustworthy it is. In the case of yc, i have to look at the poster, and the actual content, and the replies to it. For github, I have to look at things like who posted the code and which repository it's in - both things that are displayed in the URL, oddly enough...

Google's URLs are of course long strings of useless hex/base64 garbage, so it's natural that they want to hide them.

100% false. If you login to news.ycombinator.com it's unlikely you are logging into a fishing site for ycombinator. If you login to github.com - again, very unlikely github is running a phishing scam on you.

Do folks not understand the importance of this?

The strange part there is that this is mobile Chrome following the mobile Safari UX which has never been criticised like this. It's just bizarre.
Even desktop Safari does this by default! And yet no one was outraged.
i think its because apple isnt trying to mitm your web browsing with some amp-style service (yet)
But Apple does blatantly MITM urls into their own proprietary walled garden! Just a few days ago there was a HN post about Safari On iOS 14 redirecting from certain articles to Apple News. It was, of course, quickly flagged away from the front page.

https://news.ycombinator.com/item?id=24113056

> It was, of course, quickly flagged away from the front page.

what does that imply?

That the HN audience in aggregate has a hypocritically lower appetite and interest in Apple's web shenanigans, given that a moderator never identified anything actually wrong with the submission and given that Google would be crucified for a similar action in Chrome for Android.
i always thought it was kind of strange how apple somewhat gets a pass for still releasing it's browser according to basically the IE6 model and worse (since you can't even install competing engines)
Apple users choose to get a system that does different things that restrict them in non-obvious ways. Those people are not going to complain much.

Chrome is the default option for browsers. People don't really choose it anymore.

Considering most techies have iphones and macbooks I can’t make sense of your comment.
Google has not only become dominant because their product is good. First and foremost, they leveraged their market power through android and their search engine to get people to use chrome.
Lol ? You do know Android was nascent when Chrome became dominant.
As another said -- chrome was dominant before Android was a player.

Firefox blew a hole in the IE wall. Then chrome came along and was more acid compliant, leaner (Ux/ui), faster, and it's approach of per-tab processes was superior to a lock-up prone Firefox, or IE.

Firefox required admin rights to install on Windows, what locked most of the user base out of its reach.

Chrome got his market by silently installing as the IE rendering engine, and by being bundled with other software.

I don't think there was anything silent, IMO.

The other biggest factor IMO Chrome greatly focusing on developer tools --> eventually stealing away firebug dev, and in turn taking the throne as the developer browser of choice.

Chrome was already very popular by the time it became any good (compared to Firefox).

But even sooner than they investing in dev-tools, they made a killing from tab isolation right at a time when Firefox had most of its stability problems.

(comment deleted)
They could emphasize the FQDN without removing the URL.
They've been doing this (showing the rest in grey) for a long time.
People (at least some %) just trigger on see the company name in the bar - if I gave a pop quick to all your relatives do you think they could accruately manager to describe all the separators and what they mean? ?&/: etc?

They've wanted to remove the URL for AT LEAST 6 years - it's been a well known issue inside google that URL's dont' do a good job showing orgin info.

Didn't they have the origin chip idea way back?

"Conspiracy theory!" has become a term for dismissing genuine concerns.
So the theory is that this is part of Google's evil plan to make it impossible to tell the difference between an AMP page and the real page because the next step is to remove the URL bar.

Given that this change makes it plainly obvious what domain you're on... Now tell tell me if this is a genuine concern or a conspiracy theory.

They could just color it differently or show it in bold text.

Hiding the rest is clearly motivated by something else.

The Chromium blog post (which points out that like Safari on the Mac there's a setting now (not just a flag) to disable it):

https://blog.chromium.org/2020/08/helping-people-spot-spoofs...

"Always show full URLs" is such a breath of fresh air. It eliminates all the URL butchering (e.g. inconsistent hiding of http/https) that Chrome had been doing for more than a decade.

Though I'm not seeing the option by default on a fresh install of Chrome 86; hopefully that's just a rollout glitch.

What would be even more honest is that when people first install that version, they're asked what they want that setting to be.

It would be interesting to see the results.

so... is this a chromium thing or a chrome thing? if it is just exclusive to chrome, then maybe it's time to finally give the new microsoft edge a try.
The official build of Chromium tracks Google Chrome quite closely, so I feel confident assuming that the change is there as well, even though I haven't checked. But since Chromium is open source, I'm not sure anyone can really answer that question. Whether the change is in Microsoft Edge depends on how far Microsoft is willing to diverge from mainline (and where specifically they want to spend their resources).
This is how Safari for iOS (and desktop?) has worked for a long time... the domain is shown unless the URL field is selected. I like it.
They're just BEGGING for an anti-trust suit.
The URL hiding thing is what finally pushed me to use Firefox full time last year.
One of my favorite macOS/iOS features is URLs. Most good native apps-- Things, Drafts, DEVONThink, etc.-- support URLs. URLs such as `things://` and `drafts://`. Some accept POST as well as GET.

There's even a specification of an iOS/macOS protocol very reminiscent of webhooks. http://x-callback-url.com/