by kube-system 1148 days ago
> Also this move to hide the full url comes at the reliance of instead looking for a green shield or some type of lock icon

The move to hide the full URL is to make the URL readable for the average user. People on this site might know how to parse URL components in their head, but the average user does not inherently understand the DNS hierarchy nor do many completely understand URI delimiters.

    https://secure.bankofamerica.com.0-0.pw/login/securelogin.aspx
might look okay to a lot of people

    0-0.pw
would be a little better indicator that it isn't their bank.

The padlock is mostly useless in today's world. It was useful in a time when ecommerce was young and otherwise legitimate sites were collecting information via http. There was an attempt to make it more useful with extended validation certs, but that solution didn't really end up being effective. Phishers could still register EV certs that spoofed other names, and adoption was too low to change user behavior.

2 comments

To be fair, Safari would truncate that to `secure.bankofamerica.com.0-0.pw`, so not necessarily much better. But also not any worse than showing the full URL.

Fair enough. I'm remembering back to the original proposal from the Chrome team who were going to truncate all subdomains for this reason. But I think they backtracked some on that.

I'm confused by your point. You are claiming the padlock is mostly useless in today's world, but it's actually even more important in the world of hiding the full URL.
95% of the internet runs https.

Criminals today phish people, use HTTPS, and people have a false sense of security because of those who told them “padlock = good”. The padlock served a purpose to drive http adoption. It does more harm than good today.

Browsers should instead upgrade to https automatically on all connections.
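
The registrable-domain point from the top comment, as an added example that is not part of the thread: it reduces a URL to its public suffix plus one label and flags hosts that merely embed a protected domain as leading labels. The names `SAMPLE_SUFFIXES`, `registrableDomain` and `checkUrl` are hypothetical, and the suffix set is a constructed stand-in for the full Public Suffix List.

```javascript
// Constructed, deliberately tiny stand-in for the Public Suffix List.
// Production code should load the full list (including its wildcard and
// exception rules, which this sketch does not handle).
const SAMPLE_SUFFIXES = new Set(["com", "pw", "uk", "co.uk"]);

// Return the registrable domain (public suffix plus one label), or null
// if the host is itself a suffix or its suffix is not in the list.
function registrableDomain(host, suffixes = SAMPLE_SUFFIXES) {
  const labels = host.toLowerCase().replace(/\.$/, "").split(".");
  // Scanning from the left means the longest matching suffix wins,
  // so "co.uk" is preferred over "uk".
  for (let i = 0; i < labels.length; i++) {
    if (suffixes.has(labels.slice(i).join("."))) {
      return i === 0 ? null : labels.slice(i - 1).join(".");
    }
  }
  return null;
}

// Report the registrable domain of a URL and any protected domain that
// appears inside the host without being the registrable domain.
function checkUrl(rawUrl, protectedDomains) {
  const host = new URL(rawUrl).hostname; // WHATWG parser, lowercases the host
  const registrable = registrableDomain(host);
  const lookalikeOf = protectedDomains.filter(
    (d) =>
      registrable !== d &&
      (host.startsWith(d + ".") || host.includes("." + d + "."))
  );
  return { host, registrable, lookalikeOf };
}

// The URL from the comment above, next to a constructed legitimate-shaped one.
const PROTECTED = ["bankofamerica.com"];
for (const u of [
  "https://secure.bankofamerica.com.0-0.pw/login/securelogin.aspx",
  "https://secure.bankofamerica.com/login/securelogin.aspx",
]) {
  console.log(checkUrl(u, PROTECTED));
}
```
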