Hacker News new | past | comments | ask | show | jobs | submit login

Along the lines of your last thought (helping users understand the URI, displaying it in an idiot-proof manner), this wouldn't be at all hard if they simply had 4 separate areas for protocol, hostname if any, domain & public suffix combined, and path. e.g.:

    https://www.example.net/foo.html
becomes:

    [https] [www] [example.net] [foo.html]
Then they can colour the public suffix e.g. black and the rest of it light-grey, much like they do already, BUT it's also clear which box you always need to look at to determine the site's identity.

It could go even further and obscure the contents of the first, second, and fourth boxes, until you mouseover or focus it (but all of the boxes should appear light red in background for http, and light green for EV, even if you can't see the text in them), and the last one should be far from the one before it, to avoid e.g.:

    [https] [www.example.net] [example.org] [foo.html]
    [https] [www] [example.org] [www.example.net/foo.html]
(It would be easy to accidentally think you were somewhere at example.net with both of the above, even though you're really somewhere at example.org)

Clicking on any box (or the regular Ctrl+L) could turn it back into one box (for easy URI copying) and defocusing it will revert it again. Power users could set a knob to simply always display the 1 bar they've been looking at for the last 25+ years.

Maybe there could even be a conditional 5th area for the query parameters (GET variables) which isn't even shown by default (without input area focus), who knows.

    [https] [news] [ycombinator.com] [reply] [id=19032043&goto=item%3Fid%3D19031237%2319032043]
Just my wild 4am ideas... probably lots of things wrong with it I can't imagine right now.



I'd personally invert the order of the 2nd and 3rd areas. Yes, it'll look ugly, but it's way easier for users to parse for phishing:

https://example.com.phishing.com -> [https] [phishing.com] [example.com] [foo.html]


You can go Big endian all the way,

[https] [com] [phishing] [com] [example] [foo.html]


phising is not the only issue with urls


while we're at it we could make the query parameters into a textfield which could expand into a table, for easier editing of values


Ditch the protocol and show a lock or not. My parents don’t know what “https” means.

Or ditch the protocol and not render http at all by default.




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: