Google engineers are working on a replacement for the URL

Cal Jeffrey

Posts: 2,456   +562
Staff member

Google Chrome celebrated its tenth birthday today with a major design overhaul. The browser features a whole new look, better tabs (including customization), and a password manager, among other things. Chrome engineers are far from done though. In addition to considering features and functions it can add to the browser down the road, the team is focusing much effort on finding a way to change URLs.

Uniform Resource Locators, or URLs as they are more commonly known, were created to make web IPs more user-friendly. In other words, instead of having to type “184.173.241.66” to go to a website, we can use a URL like "techspot.com." However, over the years URLs have become more complicated and therefore easier to exploit by hackers.

“People have a really hard time understanding URLs,” Chrome's Engineering Manager Adrienne Porter Felt told Wired. “They’re hard to read, it’s hard to know which part of them is supposed to be trusted, and in general I don’t think URLs are working as a good way to convey site identity.”

Indeed, URLs have become so untrustworthy that I do not even click on links that my bank sends me in its official communications. I will instead visit the bank’s website from my bookmarks which I know I can trust. Phishing has become sophisticated enough that fake URLs that look authentic are not even hard to create any more.

“So we want to move toward a place where web identity is understandable by everyone—they know who they’re talking to when they’re using a website and they can reason about whether they can trust them,” said Porter Felt. “We want to challenge how URLs should be displayed and question it as we’re figuring out the right way to convey identity.”

This idea is easier said than done. Even within the Chrome team, engineers are divided on how to accomplish this. Porter Felt and Chrome’s Chief Engineer Justin Schuh claim that they have some ideas on how to approach the problem, but it is too early to reveal anything, especially since they cannot agree on what would work best.

"It’s important we do something because everyone is unsatisfied by URLs. They kind of suck."

“The focus right now, they say, is on identifying all the ways people use URLs to try to find an alternative that will enhance security and identity integrity on the web while also adding convenience for everyday tasks like sharing links on mobile devices,” said Wired.

The Chrome team already knows that whatever they propose will be controversial. Change is almost naturally resisted when something new is suggested. This is especially true for long-established protocols. However, reluctance to change is no excuse to continue using something that is inherently broken.

“I do know that whatever we propose is going to be controversial,” said Parisa Tabriz, director of engineering at Chrome. “Change will be controversial whatever form it takes. But it’s important we do something because everyone is unsatisfied by URLs. They kind of suck.”

Google has considered the problem with URLs before. In 2014 they tested “the origin chip,” which just showed the name of the website a user was browsing. Clicking the chip would reveal the entire URL. The feature received mixed reviews in the beta period, so they pulled it. The team says it is using the feedback it received back then to inform its current efforts.

There is no timeline for when engineers may implement something, but Porter Felt said that they would be more willing to talk about the details later this fall or next spring.

Permalink to story.

 

VBKing

Posts: 72   +34
"It says URLs have become to complicated and unwieldy and are easily exploited by phishing schemes."

No matter what one group of people come up with to solve a problem, another group will show you how you screwed up and how your solution is just as exploitable as any other.
 

JaredTheDragon

Posts: 680   +433
"There is no timeline for when engineers may implement something, but Porter Felt said that they would be more willing to talk about the details later this fall or next spring."

They're going to talk about the details of what they've been talking about for three to nine months, instead of just doing any work. Google "engineers" are incredible.
 

amghwk

Posts: 739   +515
Just like how laws are meant to be broken, software is meant for hacking.

They move from URL to another form, and the already bored URL hackers will be overjoyed with new challenges to hack...something new to do, with the future iteration of Google's security 'innovation'.


“People have a really hard time understanding URLs,” Chrome's Engineering Manager Adrienne Porter Felt told Wired."

I find www.techspot.com is easy to understand and go to.
 

cliffordcooley

Posts: 12,383   +5,782
People are underestimated once again. And things are to be dumb down, till they are so complicated no one will understand them.
 
  • Like
Reactions: psycros

psycros

Posts: 3,159   +3,295
URLS don't suck - TCP/IP sucks, because its inherently insecure and everything built on it is inherently insecure. That's why end-to-end encryption is the only way I roll 95% of the time and so should everyone else. Email is even MORE insecure - that's why people can create a fake link that a mouseover still shows as valid, forcing you to examine the source.
 
  • Like
Reactions: cliffordcooley

FF222

Posts: 224   +165
URLS don't suck - TCP/IP sucks, because its inherently insecure and everything built on it is inherently insecure. That's why end-to-end encryption is the only way I roll 95% of the time and so should everyone else. Email is even MORE insecure - that's why people can create a fake link that a mouseover still shows as valid, forcing you to examine the source.
You realize that
1. TCP/IP can support encryption (see tcpcrypt)
2. both SSL/TLC and
3. all email protocols are built on top of TCP/IP
4. encryption of the transport stream has nothing to do with neither URLs,
5. nor a mouseover showing a fake link address
don't, you?

No, you don't, because then you wouldn't keep talking such stupid things.... You just simply have not even the slightest clue about what you're criticizing.
 

alabama man

Posts: 563   +355
Their main purpose is to spy for american military and selling ads. They don't want any good to anyone so I'm wondering what kind of spying stuff they are designing now. I don't know much how the internet works but this sounds to me like they want to re-structure the internet from the ground up to be easier to spy on. Or maybe they can block ad blockers after this, something evil anyways.
 

tipstir

Posts: 2,854   +198
URL replacement oh my really after all these years even in 1991 all of what we had wasn't here it was just static boring images. Google has gone from search engine to KING of Internet. I don't only use their browser I use many others most on based on Google Kernel the other just modified the Google Kernel to be less restrictive. Making the browser is quicker..
 

jackal2687

Posts: 105   +30
TechSpot Elite
"There is no timeline for when engineers may implement something, but Porter Felt said that they would be more willing to talk about the details later this fall or next spring."

They're going to talk about the details of what they've been talking about for three to nine months, instead of just doing any work. Google "engineers" are incredible.

You need to know what you are working on before you start. If anything the article may be premature. Yet still, the discussion is worth having.