Google wants to get rid of URLs but doesn’t know what to use instead


Article intro image

Uniform Resource Locators (URLs), the online addresses that make up such an important part of the Web and browsers we use, are problematic things. Their complex structure is routinely exploited by bad actors who create phishing sites that superficially appear to be legitimate but are in fact malicious. Sometimes the tricks are as simple as creating a long domain name that’s too wide to be shown in a mobile browser; other times, such as in the above picture, more nefarious techniques are used.

It’s for this reason that a number of Chrome developers want to come up with something new. But what that new thing should be is harder to say.

Browsers are already taking a number of steps to try to tame URLs and make them less prone to malicious use. Chrome’s use of “Not Secure” labels instead of showing the protocol name (http or https) replaces a piece of jargon with something that anyone can understand. Most browsers these days use color to highlight the actual domain name (printed in black type) from the rest of the URL (printed in grey type); Apple’s Safari goes a step further, with its address bar suppressing the entire URL except for the domain name, revealing the full text only when the address box is clicked. Microsoft’s Edge (and before it, Internet Explorer) dropped support for URLs with embedded usernames and passwords, because their legitimate uses were overwhelmed by malicious ones.

Even aside from their security implications, URLs are structured a little strangely; as the domain portion is read from left to right, it goes from specific (“arstechnica” is a specific website) to general (“com” is used for a wide range of commercial entities). The location after that, however, tends to go from general to specific (“gadgets” to denote the way we categorize our content; “2018/09” to narrow it down to a particular year and month, then “google-wants-to-get-rid-of-urls-but-doesnt-know-what-to-use-instead” to indicate a specific article).

In 2014, Google did experiment with a more Safari-like URL presentation called “origin chip,” but this effort was abandoned amid complaints and its own set of security concerns.

Google is keeping tight-lipped on its ideas for future URLs and is aware of the enormous uphill task ahead of it. URLs are ubiquitous, and any major change will inevitably be resisted. For now, the Chrome engineers are working to better understand how URLs are used in various contexts before making a new recommendation. After all, sometimes URLs are explicitly typed by users; other times they’re opaque and hidden behind hyperlinks. Some URLs are good for sharing, others aren’t. Sometimes they’re shown on devices with abundant screen space, other times they’re so cramped that only a fragment of the URL can ever be seen. For now, we’re left with the patchwork of browser features to try to make these important addresses a little easier to understand and a bit safer to use.

More Info:

%d bloggers like this: