[EpicEng]

Have they though? How many of their users understand what "www" or "https" mean? For those that have a vague idea, how many ever look?

I don't like the change either, for a variety of reasons, but I don't think I'm their average user either. For the average user, seeing the domain and nothing else likely improves security.

[RobertRoberts]

This isn't about users, it's about a scam to trick people into thinking that something is being served from their site, but it's not, it will be from Google. (ie, AMP)

[EpicEng]

Like I said, I'm against it for several reasons, but I replied to this:

>there seems to be a disconnect between the chrome devs and users

[dwild]

> seeing the domain and nothing else likely improves security

By hiding between 1 to 3 letters?

It seems much more secure to do it like Firefox using grey for the unimportant part and black for the important part.

If anything, if "m" is hijacked (by a feature actually to use subdomains), it's less secure because now he thinks he is somewhere that he isn't.

[EpicEng]

It's not always 1-3 characters. google-payments.sbc.net for example. For the third time, I'm not arguing in favor of Google's implementation. What I'm saying is that this has nothing to do with Google being out of touch with users as the GP suggests.

[dwild]

> It's not always 1-3 characters. google-payments.sbc.net for example.

It will consider google-payments as being trivial and hide it? I may have misunderstood something, the article mentions clearly only "www" and "m" and if anything it made me read more and it seems like they no longer hide "m" (which make it much better because now the only mistake can be made only between www and without it, which should be quite rare).

> What I'm saying is that this has nothing to do with Google being out of touch with users as the GP suggests.

You said that:

> seeing the domain and nothing else likely improves security

Sorry but you are arguing that it will improve security. I'm asking you to prove that it does improve security.

I'm not arguing whether it's in touch or not with their users, it's meaningless, security is not an esthetical choice.

[EpicEng]

>Sorry but you are arguing that it will improve security. I'm asking you to prove that it does improve security

My opinion on that bit isn't cemented in yet (why I used "likely"), but people are fooled by real-sounding domain names. They don't know what TLS is and they don't know what the prefix is, but they do know the difference between "google.com" and "avs.net".

[dwild]

> They don't know what TLS is and they don't know what the prefix is, but they do know the difference between "google.com" and "avs.net".

Sure but hiding www won't make google.com or avs.net more obvious.

This is an example that I wrote in another comment.

    Before the change: www.google.com
    After the change: google.com

    Before the change: google-secure-payments.google.via.net
    After the change: google-secure-payments.google.via.net

In the past, I guess the second URL would have included www at the beginning.

The dangerous one didn't change... the not dangerous one did change but doesn't matter really. They are just as similar.