Google has decided to drop the www and m subdomains from the URL in the Chrome address bar citing them as being unnecessary ‘trivial’ characters. So for example when the user visits www.latesthackingnews.com the website will be stripped of www and only latesthackingnews.com will be shown to the user.
What do the Security Experts think about it?
Users and security experts have expressed their concerns that this move could create problems for the users when they are viewing particular websites. There could be cases where if the www was stripped incorrectly it could result in the incorrect URL in the address bar. A Chromium developer has started a bug report stating that www and m (mobile) are being classified as trivial by Google as most people don’t need to be concerned with the information they present.
“The subdomains repeat when editing the URL so people type the correct one. They disappear in the steady-state display case because this isn’t data that most users need to concern themselves with in most cases. I think this is an OK tradeoff even in the rare case when www.foo.com is not actually the same as foo.com. (Side note: like it or not, almost no real-world users will use such a thing correctly; configuring your server like this seems like a Bad Move even if it’s technically legal, because people are going to access the wrong thing, and that has been true for some time and irrespective of Chrome’s UI changes.)
There are cases where www.domain.com does not go to domain.com which will confuse the users of the website and another example might be the NTP server. The researchers say that how do you distinguish http://www.pool.ntp.org vs http://pool.ntp.org and what if there is a domain with URL http://www.example.www.example.com.
The new Chromium Source Code has the function called IsTrivalSubdomain() it checks whether “www” is present in the subdomain the function returns TRUE and if the OS is Android or iOS it will check for the “m” in the domain.
Code That Removes the Sub-domain WWW and M
private:
static bool IsTrivialSubdomain(base::StringPiece subdomain) {
if (subdomain == "www")
return true;
#if defined(OS_ANDROID) || defined(OS_IOS)
// Eliding the "m" subdomain on Desktop can be confusing, since users would
// generally want to know if they are unintentionally on the mobile site.
if (subdomain == "m")
return true;
#endif
return false;
}
Take your time to comment on this article.