David Goldstein - Google Looks to Improve Usability and Security of URLs


    According to a story in Wired, Google is looking ahead to the next decade and the future of the URL, or the Uniform Resource Locator. URLs are problematic. Often long and unwieldly, and particularly on mobile devices unreadable, they become easy for cybercriminals to fool the unwitting internet user. Then there are URL shorteners that generally have no relationship to the site which the internet user will be forwarded, so internet users really have no idea where they are going.

    As Wired explains, “the resulting opacity has been a boon for cyber criminals who build malicious sites to exploit the confusion. They impersonate legitimate institutions, launch phishing schemes, hawk malicious downloads, and run phony web services—all because it's difficult for web users to keep track of who they're dealing with.”

    So Google’s Chrome team is working towards changing the way URLs are displayed and used so they are more understandable and helping internet users have a higher level of trust in the websites they visit.

    "People have a really hard time understanding URLs," Adrienne Porter Felt, Chrome's engineering manager told Wired. "They’re hard to read, it’s hard to know which part of them is supposed to be trusted, and in general I don’t think URLs are working as a good way to convey site identity. So we want to move toward a place where web identity is understandable by everyone—they know who they’re talking to when they’re using a website and they can reason about whether they can trust them. But this will mean big changes in how and when Chrome displays URLs. We want to challenge how URLs should be displayed and question it as we’re figuring out the right way to convey identity."

    But where they go from here Google’s team haven’t come up with a solution. Nor will they divulge what options they’ve been considering. The team is focussed “on identifying all the ways people use URLs to try to find an alternative that will enhance security and identity integrity on the web while also adding convenience for everyday tasks like sharing links on mobile devices.”

    "I don’t know what this will look like, because it’s an active discussion in the team right now," Parisa Tabriz, director of engineering at Chrome told Wired. "But I do know that whatever we propose is going to be controversial. That’s one of the challenges with a really old and open and sprawling platform. Change will be controversial whatever form it takes. But it’s important we do something, because everyone is unsatisfied by URLs. They kind of suck."

    It's not the first time that Google have tried to improve usability and security with URLs as a focus. It was an early promoter of HTTPS, treating encrypted websites as standard and call out unencrypted sites as insecure in the Chrome browser, collaborating with other web browser developers and tech companies to spread the change across the web.

    Either later this year or in the first half of next Google expects to be able to talk more publicly about its ideas, which, if they come to fruition, are likely to have a significant impact on the way we view URLs.