Education
Google is researching domain-only URLs in Chrome to help with foil spam and phishing.
Google is experimenting with displaying domain names in Chrome's address bar instead of full URLs. The function will be tested in the upcoming release of Chrome 86, with Google hoping that the update will protect users from scams and phishing attacks using deceptive URLs.
Domain names and URLs are one of the most basic types of web security that we have, allowing us to easily find out where we're online. Sometimes, however, they could be used to deceive. Hackers and scammers also build fake websites that look legitimate by using typos URLs (twitter.com) unknown subdomains (yourbank.sign-in.info) or hyphenated domains (secure-gmail.com).
Unsuspecting users then visit these URLs assuming that they belong to legitimate companies until they are fooled into giving away their credentials.
Many browsers like Safari display only the domain name of the URL in the address bar, partially because it looks better, but also because it makes some of these scams more noticeable. If you're used to seeing facebook.com in your address bar and your browser unexpectedly displays facebook.com.money.biz.scam.inc instead, you (hopefully) get suspicious.
Google says that a new domain-only feature would be displayed to a random user subset in Chrome version 86. The organization needs to see if the update "makes users know that they are accessing a malicious website and protecting them from phishing and social manipulation attacks." If it does, we will expect it to become a permanent feature in the future.
If you're not participating in the trial but want to see what it looks like, you can download Chrome 86 via canary or dev channels, open chrome:/flags, trigger the following flags, # omnibox-ui-reveal-steady-state-url-path-query-and-ref-on-hover and # omnibox-ui-sometimes-elide-to-recordable-domain, and re-launch Chrome to test it.
Chrome 86 is not scheduled to be released as a stable update until October.
