Omni(box)shambles? Google takes aim at worldwide web yet again

Google is having another go at killing off the displaying of https and www in the URL bar of upcoming versions of Chrome, despite protests from users.

The company had previously had a crack at nixing the scheme and subdomain last year, but rolled back the change after users expressed alarm.

Back then the plan was to lose the "m." subdomain as well as "www." all in the name of usability. While the Chocolate Factory is still keen on axing "m." at some point, it is "www." that is for the chop now.

Emily Schechter, a product manager for security in Chrome, explained yesterday that since the tech had been lurking in the Canary, Dev and Beta channels for a few months now, the gang reckoned it was time to spread the net wider via the Stable channel.

While Google reckons that the move will "make URLs easier to read and understand" and "remove distractions", others have protested that the "www." is "valuable and often critical information". Google claims it (along with "https") is "irrelevant to most Chrome users".

To assuage the anguish, kindly old Google will allow power users to plug in an extension to turn off the scheme and subdomain hiding antics of the Omnibox, the jack-of-all-trades-master-of-none text box into which users enter URLs or search terms. In a masterstroke of usability, a double-click will also show the full URL.

Google, which still has the phrase "don't be evil" at the end of its code of conduct, is of course thinking only of the poor, easily confused users rather than a continuation of a war on the URL. Obscuring the URL, a cynic might suggest, would be handy to conceal when, say, an ad giant is flinging Accelerated Mobile Page (AMP) versions of websites at users.

Tarquin Wilton-Jones of Chromium-based Vivaldi, an outfit already suspicious of Google's extension antics, told The Register that the move was unlikely to impact security, since "the website's base domain (example.com) is what has all the security tied to it".

However, "this logic could potentially confuse users. It will be nearly impossible for users to recognise the difference between www.example.com and example.com, if they serve different content."

The developer added: "It would not be clear to users how to get from one to the other if needed."

He went on to point out that it remained to be seen how many sites actually throw up different content on the domain and sub-domain: "Presumably Google have some knowledge there."

On the other hand, Wilton-Jones praised the decision to remove https, explaining a https website could still fail security checks. He told us: "Long ago, we chose to hide 'https://' for this reason, and simply show a security indicator (secure or not)."

He added: "It is nice to see that Chrome has now recognised the benefit of this approach."

Vivaldi, of course, does not use Google's Omnibox code, preferring its own take on an address field.

We asked Google in which version of Chrome users might expect to receive its largesse and if there could be an easy-to-access switch for it (defaulted to Off), but have yet to receive a response.

Thanks to the Reg reader "blank" (yes, that is their handle) for the tip. ®