/Google AMP: What Website Am I On? NYTimes or Google?

Google AMP: What Website Am I On? NYTimes or Google?


Take a look at the below screenshot from Safari for iOS. What website am I on?

AMP Example with NYTimes

Based on the contents of the page, I’m clearly on the NYTimes website, but based
on the address bar I’m clearly on google.com. If I click in the address bar
I see https://www.google.com/amp/s/www.nytimes.com/2020/05/22/technology/google-antitrust.amp.html, but if I click LOG IN on the page I go to
nytimes.com/*.

To be blunt, this is a really dangerous pattern: Google serves NYTimes’ controlled
content on a Google domain. It confuses the user whether to trust the address in
URL bar or the content of the page.
This confusion is precisely why phishing
attempts work so well. Humans trust visual indicators a lot. Google, with the AMP
Cache Project, is confusing humans more and training them to trust visual content
of the page over the URL in the address bar. This surprises me since Google
spends a lot of time researching visual indicators of security in the address bar
(like the padlock icon).

Comments on the post can be viewed here: https://news.ycombinator.com/item?id=23729160.

Original Source