It was Safari who first started hiding the complete URL. Here’s what CSS-Tricks looks like even when you’re on an article page by default in Safari:
You can only fix it (YES, FIX IT) by checking “Show full website address” in settings.
We’ve already damaged the sanctity of URLs in a way with URL shorteners. Thankfully, those are used less and less with social networks, like Twitter, not counting the URL toward the total tweet character count anymore.
Now, Lily Hay Newman reports Chrome sees problems as well:
“People have a really hard time understanding URLs,” says Adrienne Porter Felt, Chrome’s engineering manager. “They’re hard to read, it’s hard to know which part of them is supposed to be trusted, and in general I don’t think URLs are working as a good way to convey site identity. So we want to move toward a place where web identity is understandable by everyone—they know who they’re talking to when they’re using a website and they can reason about whether they can trust them. But this will mean big changes in how and when Chrome displays URLs. We want to challenge how URLs should be displayed and question it as we’re figuring out the right way to convey identity.”
I’m not seeing the same research they are. Anecdotally, I’m not sure I’ve met anyone who doesn’t understand a URL. I wonder if there is something else weird afoot here. URLs are the single greatest feature of the web. I know nobody is arguing about removing them (just visually hiding them by default), but it doesn’t feel like a step in the right direction. It also seems slightly at odds with the celebration of the web in Chrome’s 10-year anniversary post by Paul Kinlan:
We can thank all the browser vendors for their continued work to create and iterate on specs, using streamlined processes like those defined by the WICG and based on the principles in the Extensible Web Manifesto. We’ll continue our commitment to work with browser vendors and the developer ecosystem to prioritize features that users need, and to ensure that those capabilities arrive in a “webby” way.
I’d say seeing URL’s is pretty “webby.”
If Google is seeing a lot of people who can’t understand URL’s it’s because their own URL’s are polluted with Get form data parameters. Exhibit A the Google Search URL’s, the only parameter that has to be there for functionality reasons is the query string the rest of it can be put as a post request parameter if they actually need it, which I doubt they do.
Here here, great point. UTM tracking too are making the web a disaster. Also in usual Google fashion they train marketing folks to do this with tools.
I’ve not read anything one way or the other on this topic until now, though Safari hiding the full URL does annoy me.
However, I have come across users that get confused by the aspects of a URL sometimes, such as the common subdomain phishing scam that goes around asking you to sign in to facebook.totallylegitfacebook.com.
Also I think this move could give more traction to the plethora of TLDs that are now out there – we’re hesitant to recommend any uncommon TLDs to our clients because of the potential for confusion when promoting/advertising (e.g. we’d recommend cooldudesassociates.com over cooldudes.associates). But perhaps this could be a solution to that – make ordinary users more aware that websites don’t just need to be .com anymore.
Isn’t it obvious why Google wants this?
Imagine a world where you don’t ever have to type an URL, how do you get where you want to go?
It’s just an underhand practice to boost their monopolies…
First, they get people as dumb as they possibly can. This way, people HAVE to use a search engine and we all know Google has 90% of the market there (maybe more)
Second, Google will be controlling which companies survive and which will crash and burn. Either you pay Google big money to appear on AdSense or be on the 1st page, OR die by being on the 3rd page that nobody ever consults…
So yeah, why Google wouldn’t want to make their own Search Engine and AdSense the only players in town? They’ll do it for your own good… /sarcasm
Are you sure? Knowing a URL identifies a webpage doesn’t equate understanding a URL. How many non-technical people understand what’s a domain/subdomain, which part of the URL represents site identity, how to recognize a phished URL? I’d say not that many.
I do like my URLs as well. But it’s hard for me to ignore these problems.
I seem to remember Safari concealing the latter part of the url to help users see the domain easier as part of a security effort, so there seems to be good intentions there. I’m always skeptical of Google’s intentions though, even before the more recent negative press in our community.
I totally agree. I too have literally never heard anyone say they don’t understand a URL. Maybe we don’t always understand every bit of it, but you can usually get some meaningful information about where you are.
I wish I could visualize this future they’re thinking of.
Unfortunately, just this week, I learned that my gf doesn’t understand URLs. She wanted me to visit some website and gave me it’s name, but when I asked her if it was .com or something else, she replied “no, it doesn’t have that, just press enter”. Well, doing that returned the google search results, and sure enough, it was the first result. For her this was the natural thing to do. Not just for this website, but for every website. Even if she knows the (short) URL, like for example facebook.com, she always just type “facebook” and goes through google.
Not only does my wife do the exact same thing, but so do 90% of my coworkers – most of whom are in there late 40s and up.
When you are constantly immersed in a tech bubble, it’s very easy to forget that more than 2/3 of the US population are not digital natives; as in did not grow up with the internet as a major part of life – for the majority of their lives.
Also, most people are lazy if given the option. Because browsers added direct search functionality within the url bar so you don’t have to manually go to google.com or bing.com to search, it trained most nontechnical people to do exactly that. Why remember the entire url, including TLD, when you can just type a word or two, hit enter, and click the link. Honestly, it’s the same thing that the contacts app in smartphones has done to remembering individual phone numbers.
Yup, that is the cruel reality that us tech savvy people fail to often realize. My grandmother however recgonizes domain endings and associates them with from what country the website is from – which isn’t actually a true indicator of anything, but at least something.
Data: a look at any list of the top search queries will confirm that many if not most users do exactly this. The fact that ‘google’ is almost always in the top 5 (even on Bing??) would suggest users are searching in the address bar, rather than from google.com
In any case, I fully agree that we shouldn’t be removing basic features like displaying the full URL. And even with that heavy-handed ‘solution’, I’m not sure there’s an easy usability answer here. Displaying only the top level domain in the address bar wouldn’t prevent scammers from grabbing a Let’s Encrypt or even an EV cert, both of which users regard as ‘trusted’. Nor would it prevent unicode URL phishing spoofs.
Most of the “civilians” I’ve watched using a computer enter web addresses this way. For some reason they don’t know where to type the URL, if they even know what a URL is (I don’t think they do), and they type it in the search field because that is the most prominent field in the browser window.
I second this and is the what see ALL the time people doing. It was also the reason my wife’s laptop got infected with ransomware. She wanted to install Skype so instead of using http://www.skype.com (she wouldn’t have known this URL), she typed Skype into chrome, got the SERP, clicked the very first result, which was an ad to something which likely had one of those big “download now” buttons. Downloaded something and boom. I was utterly appalled at such an ad being on the SERP but what can you do. Everyday someone i know needs to check their yahoo email, so they enter Yahoo into chrome, SERP, click yahoo, then click mail etc etc. I put bookmark to mail.yahoo.com and the reaction was sheer amazement. in their eyes, google is the only way “onto the internet”.
The thing with trusting URLs is that’s its hard for people that are not technical. You say that you’ve never anyone that doesn’t understand URLs people that’s because your circle is more technical.
I’ve seen people trying to try users on Facebook and elsewhere by giving that links that look like Facebook.something.com, and indeed people have fell for this.
I am not arguing for or against the change, I am just pointing out something important
I get the point being made, but I don’t at all agree with the execution. The point is, if someone navigates to a phishing page, it’s easy to not pay close attention to the domain when the rest of the URL is giving equal importance. I think the domain SHOULD stand out for this reason. However, hiding the rest of it further obscures what is actually being requested. I think a reasonable compromise would be leaving the domain black (assuming a white address bar) and the rest appearing a slightly lighter gray.
Chrome actually does this now (black domain name, the rest in grey). I, personally, would not be opposed to even further design differentiation between the domain name and other parts of the URL. The more it stands out, the less likely casual users are going to be fooled by malicious sites.
I’ve turned on full urls in safari and when I’m working i select the address and drag it to the desktop. This gives me a handy list of references that i can order any way I like. I understand urls but it isn’t necessary for this work.
One solution could be to show the domain part in bold to make clear where are you instead of hiding.
Browsers are already highlighting the domain. Try Chrome or Firefox or Edge and you will see that the domain is slightly highlighted, altough for me personally it’s not so visible with a light theme which is default on browsers, it’s not so prominent. Don’t know about other browsers.
I use Firefox with the default dark theme and the domain gets more highlighted that way since it has more contrast.
I’ve seen multiple phishing attempts that try to appear legit by using a legitimate company name somewhere other than the domain name. I assume that is what browsers are attempting to combat.
I think the biggest failure (or intentional deceit) of Google was not clarifying from day one that the domain name is king of information, not the search results. I saw my clients using Google like an automated phone book back in early 2000s as soon as people started using.
In fact, I found it more common people would type “facebook” instead of “facebook.com” into the browser location bar. I would say 95% of all my clients didn’t understand the location bar, and they all had websites.
I tried to explain that the url/domain name was like a phone number or an address to a house, but it never sunk in with most people. They just don’t care to understand.
I think it’s up to the rest of the tech industry to make a stink about this to not allow monsters like Google to take over the internet and make it their own little fiefdom. Non-technical users don’t even know what the issues are or why they matter.
Google want to hide URLs because of AMP, which keeps you on google.com instead of on content producer websites.
There are two potential explanations for Google’s stance:
1) URLs, through the fault of a segment of web developers, have been polluted with enough crap over the past decade to make them often unreadable. Think, web apps that encode their entire state in hex and toss it onto the end of the URL.
2) Google would love it if the open platforms it used to build its empire were no longer so open. It’s in their best interest; we’ve already seen it happening with Android.
Probably it’s a little of both. If it were just #1, the simple solution would be to visually separate the base domain from the rest of the URL, so people could look to that for trust and not get bewildered by the rest.
Even if people were confused by URL’s (which I’ve never heard) the answer isn’t to hide the problem, it should be to educate anyone that doesn’t understand so they are no longer intimidated.
I agree with the general consensus, this is move by Google to help push their agenda with AMP and having the web exist more on the google.com domain.
I’m going to be brave and say I disagree. A full URL has actually no value for the user. Nobody care’s. As long as you’re able to bookmark it and share it correctly the typical user is not interested in what’s behinde that URL.
I think the jest of the discussion leans in a way that most users probably won’t even notice that the URL went. Back in the days where firefox had a seperate field for the address and the search bar I hated chrome for the Omnibar and did everything possible to hide my address typos from google.
It was clearly a lost case. I see the same thing here. Users are being trained to ignore the URL but look for the green or red key in order to find out if a site is ligit. This is a good thing but search engines will move to a place where only encrypted certified sites are shown. That, no doubt, will make the web a saver place but put enormous power in the hands of a few. In 5 years we will remeber URLs as an artefact of the dark ages of the internet.
This will be the golden era for phishing when people cannot see the whole URL. Or even have no knowledge how to use them.
How will someone like me who is so used to looking at the urls of almost every single web page I open up in a browser be able to use the internet if browsers start hiding urls? It sure won’t feel any safer. My ability to simply look at a url has saved me plenty of trouble in the past.