9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform. Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.
If you’re reading this week’s Security Bite on your desktop, look closely at your browser’s address bar. Notice how the main (root) domain is bolder, while the rest of the URL is a lighter grey? This is not an accident, it’s a purposly implemented psychological trick called salience bias. This little design choice has protected users from phishing attacks for over a decade.
Salience bias (sometimes called perceptual salience) is a cognitive behavior that causes one to notice things that stand out more, like something brighter, bolder, and overall more visually striking. Apple’s marketing wing is known for this. The company’s minimalist commercial ads, website pages, and even retail stores are built to draw attention to the subject, not the surroundings.
Most major browsers began adopting this technique around the early 2010s when full URLs were still being displayed. Internet Explorer 8 was first. Apple followed in 2012 with the release of Safari 6 on OS X Mountain Lion. Notably, the Safari update introduced something called “Smart Search Field,” which combined the address and search bars into one. It seems silly, but it was a big deal at the time. It was with this release that Safari also started darkening the URL’s main domain.
Today, desktop Safari makes domain salience even more apparent. By default, it only shows the root domain in the address bar — you have to click or tap to see the full URL. It’s the same approach most mobile browsers use, though you can turn it off in Safari’s settings if you like.
Who said UI design and security can’t go hand in hand? This is one of those obvious features we subconsciously notice but don’t think twice about. It’s a clean design choice that brilliantly emphasizes the most critical details up front, allowing potential victims to catch themselves before giving up sensitive information.
This little salience trick undoubtedly has saved millions from becoming victims of phishing attacks.
More in Apple security
Thank you for reading Security Bite, a security-focused column on 9to5Mac, made possible by Moysle.
Follow Arin: Twitter/X, LinkedIn, Threads
FTC: We use income earning auto affiliate links. More.
