Google Is Resurrecting ‘WWW’ In Chrome Amidst User Backlash

Last week, Google decided that the ‘www’ that comes before most URLs was a ‘trivial’ subdomain and therefore wouldn’t be displayed in the newest version of Chrome. This week, it’s bringing ‘www’ back amidst calls from security experts that the change was a “hacker/takeover dream”.

Google is temporarily rolling back changes that hid ‘www’ from URLs, though the full developer statement looks like it intends to continue with the plan to kill ‘www’ entirely – to what end, no one is sure. Here’s the statement in full:

In Chrome M69, we rolled out a change to hide special-case subdomains “www” and “m” in the Chrome omnibox. After receiving community feedback about these changes, we have decided to roll back these changes in M69 on Chrome for Desktop and Android.
br>
br>
In M70, we plan to re-ship an adjusted version: we will elide “www” but not “m.” We are not going to elide “m” in M70 because we found large sites that have a user-controlled “m” subdomain. There is more community consensus that sites should not allow the “www” subdomain to be user controlled.
br>
br>
We plan to initiate a public standardization discussion with the appropriate standards bodies to explicitly reserve “www” or m” as special case subdomains under-the-hood. We do not plan to standardize how browsers should treat these special cases in their UI. We plan to revisit the ‘m’ subdomain at a later date, after having an opportunity to discuss further with the community.

Users have continued to question why this change is so necessary in Chrome, and what possible use it could serve that outweighs the potential risks.

One reply to the Chromium blog post just says: “Please do not elide any components of URLs because all parts of a URL are user-controlled. Information hiding discourages literacy.”

As mentioned in our original story on the subject, it’s often important to know that www.website.com and website.com aren’t the same domain at all – and it’s fairly easy to find examples where these are completely different sites. The same goes for the mobile browser subdomain ‘m.’, which Google is also still determined to find a ‘solution’ to.

At least in the short term you won’t have to use a workaround, but we might be back to square one when M70 ships in October.

Comments


Leave a Reply