Google Wants to Get Rid of URLs but Doesn’t Know What to Use Instead
Uniform Resource Locators (URLs), the online addresses that make up such an important part of the Web and browsers we use, are problematic things. Their complex structure is routinely exploited by bad actors who create phishing sites that superficially appear to be legitimate but are in fact malicious. Sometimes the tricks are as simple as creating a long domain name that’s too wide to be shown in a mobile browser; other times, such as in the above picture, more nefarious techniques are used.
It’s for this reason that a number of Chrome developers want to come up with something new. But what that new thing should be is harder to say.
Browsers are already taking a number of steps to try to tame URLs and make them less prone to malicious use. Chrome’s use of “Not Secure” labels instead of showing the protocol name (http or https) replaces a piece of jargon with something that anyone can understand. Most browsers these days use color to highlight the actual domain name (printed in black type) from the rest of the URL (printed in grey type); Apple’s Safari goes a step further, with its address bar suppressing the entire URL except for the domain name, revealing the full text only when the address box is clicked. Microsoft’s Edge (and before it, Internet Explorer) dropped support for URLs with embedded usernames and passwords, because their legitimate uses were overwhelmed by malicious ones.
In 2014, Google did experiment with a more Safari-like URL presentation called “origin chip,” but this effort was abandoned amid complaints and its own set of security concerns.
Google is keeping tight-lipped on its ideas for future URLs and is aware of the enormous uphill task ahead of it.