Google Chrome experiment points to changes in URL bar to identify genuine websites

If long URLs irritate you then Google’s latest experiment to hide them could be music to your ears. Chrome Canary, which is experimental version of the Chrome browser, now has a feature that hides long URLs and displays only the domain name, followed by the URL string. But since this is just an experiment, it may or may not be integrated into the stable build of Chrome browser.

This move seems to be aimed at tackling the menace of phishing. The problem is that phishing URLs often are very similar to the original site’s URL to lure unsuspecting users. It’s easier to be fooled when there’s no sign to denote the domain name. More often than not this is a major hurdle for phishing victims.To stop this, Google started highlighting the domain name specifically, but this is not enough of a security signal.

Google Chrome developer advocate Jake Archibald explains the experiment in a post on his site. He states, “Find someone who doesn’t work in tech, show them their bank’s website, and ask them what about the URL tells them they’re on their bank’s site. In my experience, most users don’t understand which parts of the URL are the security signals.”

To understand how this feature could help Chrome users look at the image below. The image comprises of two URLs. The first URL only shows the domain name and hides the rest of the URL. Beneath it is a long URL from a phishing website. If the link was from a genuine or trusted site you would not see the long grey bar, blocking much of the Chrome address bar. This is a clearer signal to the user that the webpage could be a phishing link.

However, there’s still a certain amount of burden on the user to verify the website before entering any credentials. Even with the new UI, it won’t be long before criminals figure out a way around it. It must be noted that iOS 7 does a similar thing, by masking the entire URL from mobile Safari.