The big picture: DNS servers have been helping us get to websites almost effortlessly for decades now, but Google thinks its time for change. It says URLs have become to complicated and unwieldy and are easily exploited by phishing schemes. It wants to introduce something new, but it's not quite ready to reveal just what that is yet.
Google Chrome celebrated its tenth birthday today with a major design overhaul. The browser features a whole new look, better tabs (including customization), and a password manager, among other things. Chrome engineers are far from done though. In addition to considering features and functions it can add to the browser down the road, the team is focusing much effort on finding a way to change URLs.
Uniform Resource Locators, or URLs as they are more commonly known, were created to make web IPs more user-friendly. In other words, instead of having to type “220.127.116.11” to go to a website, we can use a URL like "techspot.com." However, over the years URLs have become more complicated and therefore easier to exploit by hackers.
“People have a really hard time understanding URLs,” Chrome's Engineering Manager Adrienne Porter Felt told Wired. “They’re hard to read, it’s hard to know which part of them is supposed to be trusted, and in general I don’t think URLs are working as a good way to convey site identity.”
Indeed, URLs have become so untrustworthy that I do not even click on links that my bank sends me in its official communications. I will instead visit the bank’s website from my bookmarks which I know I can trust. Phishing has become sophisticated enough that fake URLs that look authentic are not even hard to create any more.
“So we want to move toward a place where web identity is understandable by everyone—they know who they’re talking to when they’re using a website and they can reason about whether they can trust them,” said Porter Felt. “We want to challenge how URLs should be displayed and question it as we’re figuring out the right way to convey identity.”
This idea is easier said than done. Even within the Chrome team, engineers are divided on how to accomplish this. Porter Felt and Chrome’s Chief Engineer Justin Schuh claim that they have some ideas on how to approach the problem, but it is too early to reveal anything, especially since they cannot agree on what would work best.
"It’s important we do something because everyone is unsatisfied by URLs. They kind of suck."
“The focus right now, they say, is on identifying all the ways people use URLs to try to find an alternative that will enhance security and identity integrity on the web while also adding convenience for everyday tasks like sharing links on mobile devices,” said Wired.
The Chrome team already knows that whatever they propose will be controversial. Change is almost naturally resisted when something new is suggested. This is especially true for long-established protocols. However, reluctance to change is no excuse to continue using something that is inherently broken.
“I do know that whatever we propose is going to be controversial,” said Parisa Tabriz, director of engineering at Chrome. “Change will be controversial whatever form it takes. But it’s important we do something because everyone is unsatisfied by URLs. They kind of suck.”
Google has considered the problem with URLs before. In 2014 they tested “the origin chip,” which just showed the name of the website a user was browsing. Clicking the chip would reveal the entire URL. The feature received mixed reviews in the beta period, so they pulled it. The team says it is using the feedback it received back then to inform its current efforts.
There is no timeline for when engineers may implement something, but Porter Felt said that they would be more willing to talk about the details later this fall or next spring.