Chrome’s Killing ‘WWW’ in Address Bar — And That’s Bad

[Paul Wagenseil]

The new Chrome version hides 'www' and 'm' in the address bar, making it easier for fraudsters and criminals to fool you with fake websites.

Chrome’s Killing ‘WWW’ in Address Bar — And That’s Bad : Read more

 

[middlerun]

'A bad guy could put up a phony website at "yourbank.com" with an identical look and feel to the legitimate website "www.yourbank.com".'

This is incorrect. If the bank registered yourbank.com, then they also control all subdomains including www from the same DNS. Subdomains can't be registered separately.

 

[shawndugout13]

Correct MIDDLERUN. Also, a bad guy COULD put a phony website..etc..you mean like now anyway.?? Not to mention any secure or authentication methods set up between user/device to vendor/site. I guess an inside job maybe to register subdomains? That would be or could be going on now anyway. Are we missing something here? I'm not that smart but I can't see a big issue here other than some simple retraining maybe? Thoughts?

 

[Paul Wagenseil]

You guys are right. It should have been obvious to me, but it wasn't. Thanks for the comments, and the story has been updated.

 

[ron_reynolds]

I work at a web development agency, and there is literally no reason to be upset/concerned about the removal of "www" and "m." because they ARE trivial. Most users don't type "www" anymore, and any developer worth their salt will set up a force redirect to send those users to the full TLD with the "www" at the beginning.

Also, anyone saying that the same URL with/without the "www" is not the same site is straight-up wrong. (Having said that, if the above forced redirect isn't implemented, you might get a page not found error, but there's no way you're going to see two different sites.)

Having said all of THAT, the only concern people are raising that MIGHT be worth discussion is if Google is indeed planning on sending everything through AMP - even if there are no indications that is forthcoming.