Helping people spot the spoofs: a URL experiment


This content originally appeared on Chromium Blog and was authored by Chromium Blog

On today’s web, URLs remain the primary way users determine the identity and authenticity of a site, yet we know URLs suffer from usability challenges. For example: there are myriad ways that attackers can manipulate URLs to confuse users about a website’s identity, which leads to rampant phishing, social engineering, and scams. In one study, more than 60% of users were fooled when a misleading brand name appeared in a URL’s path.


Different browsers approach this challenge in a number of ways, including showing only the domain by default, or visually highlighting the registrable domain (the “most significant” part of the domain name). In Chrome 86, we’re likewise going to experiment with how URLs are shown in the address bar on desktop platforms (animation below). Our goal is to understand -- through real-world usage -- whether showing URLs this way helps users realize they’re visiting a malicious website, and protects them from phishing and social engineering attacks.

An experiment in Chrome 86 shows the domain name by default and full URL on hover
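To make the idea of eliding to the registrable domain concrete, here is an added illustration in JavaScript. It is not Chrome's code and not part of the original post: the function names are hypothetical and the suffix set is a small constructed subset of the Public Suffix List.

```javascript
// Added illustration; not Chrome's implementation.
// SUFFIXES is a small constructed subset of the Public Suffix List. Real code
// needs the full list from publicsuffix.org, including wildcard rules.
const SUFFIXES = new Set(["com", "net", "org", "io", "github.io", "uk", "co.uk"]);

// Registrable domain = longest matching public suffix plus one label to its left.
// Returns null when the host is itself a suffix or matches nothing in SUFFIXES.
function registrableDomain(hostname) {
  const host = hostname.toLowerCase().replace(/\.$/, "");
  if (SUFFIXES.has(host)) return null;
  const labels = host.split(".");
  // Candidates shrink as i grows, so the first hit is the longest suffix.
  for (let i = 1; i < labels.length; i++) {
    if (SUFFIXES.has(labels.slice(i).join("."))) {
      return labels.slice(i - 1).join(".");
    }
  }
  return null;
}

// What an address bar that elides to the registrable domain would show.
// IP literals have no registrable domain, so the host is shown unchanged.
function addressBarText(urlString) {
  const host = new URL(urlString).hostname;
  const isIp = host.startsWith("[") || /^\d+(\.\d+){3}$/.test(host);
  if (isIp) return host;
  return registrableDomain(host) ?? host;
}

// Constructed sample URLs (reserved example names and documentation addresses).
const SAMPLES = [
  "https://example.com.secure-login.example.net/example.com/account?id=1",
  "https://accounts.example.co.uk/login",
  "https://user.github.io/example.com/",
  "http://192.0.2.10/example.com/login",
];

for (const u of SAMPLES) {
  console.log(addressBarText(u).padEnd(16), "<-", u);
}
```

In the first sample the brand-like name appears in both the subdomain labels and the path, yet the text shown is the unrelated registrable domain, which is the signal the experiment aims to surface.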



Prefer to see the full URL?

If you find yourself in the experimental group, and you’d like to view the full URL for a given site, you’ll have two options. First, you can hover over the URL, and it will expand fully. Second, you can right-click on the URL and choose “Always show full URLs” in the context menu (screenshot below); enabling this setting will show the full URL for all future sites you visit. (Notably, enterprise-enrolled devices won’t be included in this Chrome 86 experiment.)



A setting in the context menu allows you to always show full URLs in the address bar



We welcome your feedback!

If you’re not randomly assigned to this Chrome 86 experiment, and you’d like to try it out, please install Chrome Canary or Dev channel, open chrome://flags in Chrome 86, enable the following flags, and re-launch Chrome:

  • #omnibox-ui-reveal-steady-state-url-path-query-and-ref-on-hover

  • #omnibox-ui-sometimes-elide-to-registrable-domain

  • Optionally, #omnibox-ui-hide-steady-state-url-path-query-and-ref-on-interaction to show the full URL on page load until you interact with the page.


Thanks in advance for your thoughts! You can file bugs or feature requests on our bug tracker.



Posted by Emily Stark, Eric Mill, Shweta Panditrao, Chrome Security Team

