Google Wants To Kill the URL

As Chrome looks ahead to its next 10 years, the team is mulling its most controversial initiative yet: fundamentally rethinking URLs across the web. From a report: Uniform Resource Locators are the familiar web addresses you use everyday. They are listed in the web's DNS address book and direct browsers to the right Internet Protocol addresses that identify and differentiate web servers. In short, you navigate to WIRED.com to read WIRED so you don't have to manage complicated routing protocols and strings of numbers. But over time, URLs have gotten more and more difficult to read and understand. The resulting opacity has been a boon for cyber criminals who build malicious sites to exploit the confusion. They impersonate legitimate institutions, launch phishing schemes, hawk malicious downloads, and run phony web services -- all because it's difficult for web users to keep track of who they're dealing with. Now, the Chrome team says it's time for a massive change.

"People have a really hard time understanding URLs," says Adrienne Porter Felt, Chrome's engineering Manager. "They're hard to read, it's hard to know which part of them is supposed to be trusted, and in general I don't think URLs are working as a good way to convey site identity. So we want to move toward a place where web identity is understandable by everyone -- they know who they're talking to when they're using a website and they can reason about whether they can trust them. But this will mean big changes in how and when Chrome displays URLs. We want to challenge how URLs should be displayed and question it as we're figuring out the right way to convey identity."

If you're having a tough time thinking of what could possibly be used in place of URLs, you're not alone. Academics have considered options over the years, but the problem doesn't have an easy answer. Porter Felt and her colleague Justin Schuh, Chrome's principal engineer, say that even the Chrome team itself is still divided on the best solution to propose. And the group won't offer any examples at this point of the types of schemes they are considering. The focus right now, they say, is on identifying all the ways people use URLs to try to find an alternative that will enhance security and identity integrity on the web while also adding convenience for everyday tasks like sharing links on mobile devices.

In other news, Google wants to track you more

[sinij]

It is not acceptable for Google that some browsing bypasses Google search engine when people directly type in URLs.

Re:In other news, Google wants to track you more

[think_nix]

or analytics services, adservice.google.com, apis.google.com, id.google.com, google crawlers, list goes on and on. Seriously though since late 90's early turn of the century with the initial launch of search which is nowhere near the original purpose of the service, I cannot think of one great advancement google has done to better anything on the web.

Mea culpa. Mea maxima culpa.

[devslash0]

I knew my utm* -stripping extension would piss them off one day haha. On a serious note, it's not going to work. They don't own the Internet even though they think they do.

Re:

[tlhIngan]

It is not acceptable for Google that some browsing bypasses Google search engine when people directly type in URLs.

Remember the great dot-com shootout in the early 00's? Back when people wanted very special .com addresses because that's how people found you, by stumbling about composing URLs?

Sites like sex.com, pets.com, books.com etc. etc. - those domains sold for $$$$$ back in the day. Nowadays it matters a lot less,because everyone Googles rather than tries random URLs. Doesn't hurt that half of the URLs

Re:

[account_deleted]

Comment removed based on user account deletion

Re:What's really sad

[xetovss]

Not only does Google want more stuff to go through them they are complicit if not one of the prime agitators of this phenomenon.

For example to get directions to go from the White House to the US Capitol you get this URL (used the quotes so can see the whole URL w/o having to scroll over): "https://www.google.com/maps/dir/The+White+House,+1600+Pennsylvania+Ave+NW,+Washington,+DC+20500/US+Congress+-+Sergeant+at+Arms,+1+S+Capitol+St+SW,+Washington,+DC+20515/@38.8950631,-77.0311265,15z/data=!3m1!4b1!4m13!4m12!1m5!1m1!1s0x89b7b7bcdecbb1df:0x715969d86d0b76bf!2m2!1d-77.0365298!2d38.8976763!1m5!1m1!1s0x89b7b7b057914a6b:0x617d58ed260bc5e2!2m2!1d-77.0090646!2d38.8899056"

All of the characters after the +20515 is completely unneeded for the above link to work. "https://www.google.com/maps/dir/The+White+House,+1600+Pennsylvania+Ave+NW,+Washington,+DC+20500/US+Congress+-+Sergeant+at+Arms,+1+S+Capitol+St+SW,+Washington,+DC+20515" is all that is needed for the link to work, and can even whittle that down more by another 49 characters to "https://www.google.com/maps/dir/1600+Pennsylvania+Ave+NW,+Washington,+DC+20500/1+S+Capitol+St+SW,+Washington,+DC+20515" and it would still work. Perhaps they should start leading by example and fix what they helped create instead of worrying about what to replace it with.

Re:

[dwpro]

to be fair, they also offer this from their website: https://goo.gl/maps/FbEetWBSGz... [goo.gl]

Re:What's really sad

[Junta]

There's too long, but then there's also indecipherable.

URL shortening services are actually another problem for phishing, since it obfuscates the link by design.

Re:

[vtcodger]

"Perhaps they should start leading by example and fix what they helped create"

No argument that Google is one of the principle culprits in reducing the URL to a humongous quasi-random string of characters. But are you sure you want them to try to "fix" that. Other than a very good search engine and an excellent map data base, very little of the their product is very impressive. My guess is they will create something even worse and internet users will have yet another unnecessary problem to deal with.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[jellomizer]

And how does hiding the URL make this any better or worse.
Heck every call in Chrome could go to Google to log the activity, and heck cache the page info and display it back. What they show in the URL bar is what they want you to see.

Re:

[jellomizer]

Is this better?
I imagine this would take more of the form of the SSL verified sticker. If you were on Fox News then there would be some sort of identify icon around the URL which would let you know if you ever left the site to go to some third-party nonsense link.

Re:

[jellomizer]

As a developer, doing restful service calls. even though the info may not be useful for the normal user, It is handy for me the developer. I want to make sure I can load up different data elements, before the search screen is working, make sure security is properly working. Book marks to a url will load the right page when called again...

RIP Web

[Anonymous Coward]

Google, just doing its part in ripping the last bits of the 'web' to shreds. I guess they really do want their search engine to be the place from which all information originates.

AOL

[Anonymous Coward]

With Google mail and voice and everything else and now this. I guess Google wants to be the 21st century AOL.

At least we won't have to worry about the endless stream of CDs in the mail.

Re:RIP Web

[skids]

URI/URL effectively died a decade or so ago when savage PHP coders and their armada of "content
management systems" violated the usage guidance on them and then took years to rediscover the
concept on their own (as "permalinks").

Though I'd say the initial first blow was the constant rearranging of static sites by companies that
apparently had nothing better to do than pay people to move files around for no good reason.

Re:

[thegreatbob]

I used to blame WordPress outright, but I eventually learned that the blame lies squarely with the users assuming everything 'just works', as well as with plugin developers getting complacent about people using their plugins sanely.

Re:

[thegreatbob]

Not the practice, but rather the need for the mechanisms that wind up supporting such practice.

Finally!

[p4ul13]

It's about time we revert back to the future with the AOL keywords we all have been sorely missing from our lives!!!

Re:

[thegreatbob]

Alternative future: AOL is the new SCO, and continues to harass the goog for decades for trying to knock off its model.

What the hell is this bullshit?

[Rick Schumann]

PRO-TIP: There's this magical thing called a bookmark that stores all those 'so-over-complicated' URL thingies under a name that you can even change yourself so your teeny little human brain can understand it! Ain't that amazing?</extreme_sarcasm>

Seriously, Google, what the actual fuck is wrong with you?
Or is it that people have become so fucking dumb that they really can't type in {website}.{top_level_domain}? Considering all the stupid shit I see in the news pretty much every single day anymore I'd be very tempted to believe that, too.

Re:

[ddtmm]

Forget the article, did you even read the summary?

Re:

[SirSlud]

I love it when dumb people lament how dumb everyone has become.

Re:What the hell is this bullshit?

[Rick Schumann]

I read the article so fuck you. They want to 'child proof' shit because people are dumb but childproofing everything just creates more problems. How about we EDUCATE people better so they're not so dumb anymore? People get more and more done FOR them by some automation or service or whatever and they never learn to do shit for themselves and over time it just makes them dumber and dumber.

Re:

[Riceballsan]

I don't think they are implying people don't know how to type cnn.com into their browser to get to cnn's webpage, they have trouble understanding that when they get an e-mail linking to http://www.cnn.notascam.com/st... [notascam.com]

Re:

[fish_in_the_c]

Actually , the reason certificates and https were invented is because without them there is no way to prove that when you type cnn.com on your web browser that you are getting a page from a computer that has anything to do with the entity you are wanting to trust. Any router, any DNS equipment , anywhere along the route can reroute you to a different page, one that logs your keystrokes and then sends you to the real site. So yes, this issue is deeper and harder then you might think. I'm sure one of the o

Re:

[Rick Schumann]

Then we need to TEACH them to know better. Childproofing everything like everyone has an IQ of 75 isn't a good solution.

Re:

[Rick Schumann]

No, I'm pretty sure that's just you.

Re:

[think_nix]

With some rng magic built in maybe this is a way for them to anonymize the ad service providers and all other tracking mechanisms they like to implement.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[Reziac]

Didn't there used to be a plugin called something like Link Decombobulator, that decoded, sanity/safety-checked, and previewed these messy links?

If there's not, there should be; problem solved.

Too many TLDs

[Comboman]

The recent expansion of Top Level Domains make it even more difficult. google.corn (that's GOOGLE.CORN in lower case) looks a lot like google.com in certain fonts.

Re:

[GameboyRMH]

Looking at it right now in Firefox on Win10 at default zoom, it looks like there's only 1 or 2 pixels' difference. I took a screenshot to zoom it up to confirm, and indeed due to subpixel rendering, there is only a slight difference in the color of 2 pixels between the two:

Bank of ARNERICA

[tepples]

TLD protection won't help you when a scammer buys "BankOfARNERICA.COM", or when a lot of legitimate businesses outside Colombia are setting up their online presence with a Colombian (.CO) domain anyway. Or would you prefer to contribute to Internet balkanization by blocking Irish sites like MODERN.IE (web dev resource by Microsoft) and British Indian Ocean Territory sites like GITHUB.IO by default if the device happened to geolocate to a different country at first browser launch? In particular, British Indi

Re:

[tepples]

Leaving aside the thousands of military personnel

I was confused as to whether deployment to the Diego Garcia military base counts as legal residence.

thousands of Chagossians who continue their fight over the legality of their expulsion

Yet they remain expelled until they win said fight [telegraph.co.uk].

Solution

[110010001000]

I can guess what Googles solution will be: if you want to host web content you need to purchase a virtual website on their cloud and then they will issue you a code that people can use to type or scan into Chrome. After all, think of the terrorists and/or the children.

Back to AOL?

[agiacalone]

Didn't AOL try this back in the 90s with the 'AOL Keyword'? IIRC, it failed miserably.

Re:

[mu51c10rd]

Didn't AOL try this back in the 90s with the 'AOL Keyword'? IIRC, it failed miserably.

I believe Yahoo tried this with their directory as well back in the day. That didn't make it either...

Re:Back to AOL?

[bigpat]

Didn't AOL try this back in the 90s with the 'AOL Keyword'? IIRC, it failed miserably.

Actually AOL keywords were very very successful and AOL charged big bucks to sell keywords to companies, but eventually domain names and URLs were cheaper to get (unless someone else registered it first) and the DNS system wasn't a monopoly so competition drove down prices further.

Re:

[dissy]

Didn't AOL try this back in the 90s with the 'AOL Keyword'? IIRC, it failed miserably.

Actually AOL keywords were very very successful and AOL charged big bucks to sell keywords to companies, but eventually domain names and URLs were cheaper to get (unless someone else registered it first) and the DNS system wasn't a monopoly so competition drove down prices further.

"Eventually" but not by too far.

From 1984 until 1990, the DNS system was completely a monopoly, in whole administrated by InterNIC.
InterNIC was also the sole source of .com domains (as well as net, org, us, edu, mil, and gov, and before that .arpa) and IP allocations.

It wasn't until 1991 that they split off top level control to Network Solutions.
It was a couple years after that until the "root servers" and "gtld-servers" were split apart, although Network Solutions was still the sole source for .com (and ne

People have a really hard time understanding URLs

[Anonymous Coward]

People have a really hard time understanding URLs

Understatement of the year. "People" don't understand URLs at all. That doesn't mean we should let Google be the arbiter of identity on the internet.

Re:

[UnknownSoldier]

Some people have a really hard time understanding URLs

FTFY.

Computer savvy people have been using the Internet just fine since the '90s thank-you-very-much. Just because X% of the population doesn't understand that an URL is like a phone number doesn't mean we need to replace it with a broken design.

Re:

[sjames]

People have a hard time understanding street addresses. Lets just assign every address a single 12 digit number and pay a private corporation a zillion dollars to provide a lookup service.

Re:

[psycho12345]

You have heard of yellow pages, right?

Re:

[sjames]

You know how U.S. mail works, right?

Re:

[GameboyRMH]

You joke but...

https://what3words.com/ [what3words.com]

I didn't see a Request For Comments anywhere...

[HotNeedleOfInquiry]

That used to be the first step in an internet protocol change. Does Google well and truly own the internet now?

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:

[mu51c10rd]

Does Google well and truly own the internet now?

Yes. Or can you tell me the last time you "Bing'd" something or "Yahoo'd" something?

Re:

[sinij]

Don't duck his questions.

Re:

[TeknoHog]

Tim Berners-Lee never intended URLs to be so visible or people to type them in manually so much; he though people would mostly follow hyperlinks from their home page. He said that if he had known people would deal with raw URLs and HTML so directly he would have made the syntax less cumbersome.

I don't see a lot of ways to simplify the URL structure without removing actual information. Today's URLs are only cumbersome because webmasters have chosen to do so, for example via the shitton of parameters sent by GET rather than POST.

If you want to access $content at $site, what's so cumbersome about http: //$site/$content, and how are you going to put that any simpler? (Personally, I don't know what the // stand for, so they look superfluous to me :) The problem is, there are a lot of sites and a lo

How about dealing with the problem, not the cause

[holophrastic]

This problem, like all internet problems, is not new to the internet. It's not hard to put up a tent by the side of the road, put an apple-like logo onto it, and sell fake iphones.

How do you know, when you walk into a bank, that it's a bank, and not just some guy with a storefront that looks like a bank? When was the last time that you authenticated your bank branch as actually being a bank?

How about if my browser -- that has no problem parsing a URL -- simply asked me, the first time I wind up at a new d

Re:

[PraiseBob]

maybe we should start arresting criminals -- you know, like in every other part of life -- instead of trying to make consumers play their own game of cops and robbers every minute of every day.

I live in the inner city of a high crime city. Anytime I walk outside, I have to pay attention, since there are dangers lurking nearby. I don't expect the police to make everything totally safe, nor would I want to live in the kind of absolute police state environment that it would require. Similarly, I don't wan

Re:

[holophrastic]

I'm not suggesting either one.

I'm suggesting that after a crime has been committed, reported, and identified, that police then arrest those responsible.

It's not about making crime difficult, and it's not even about deterring future criminals. It's simply about making the price of crime much much higher than it is today.

Re:

[tepples]

In practice, police tend to look the other way on the grounds of being overstretched in an era of property tax caps.

Re:

[holophrastic]

You find me a police force that lets me report a fake web-site, and have them go arrest someone in a realistic time-frame, and you can be right.

Until then, that's just how police ought to work. In reality, there is way more crime than any policing force can investigate.

The annoying thing this time is that police can investigate a web-site faster than they can investigate a building. So one would think that a new police department would need very little relative funding in order to start investigating and

Re:

[nasch]

How about if my browser -- that has no problem parsing a URL -- simply asked me, the first time I wind up at a new domain, if I'm sure it is who I think it is?

That might be fine for you, but most people would see something with an OK button preventing them from doing what they want to do, and click OK without reading it.

Re:

[holophrastic]

I'm sorry, but do you think it difficult to penalize criminals? Someone registers a domain name, and pays for it with a credit card. So if someone registers appple.com, and sells fake iphones, would it be difficult to cancel their credit card? Or to bill their credit card for punitive damages? The same credit card with their home address on it?

We already have a registry, at the domain level. Isn't that already enough?

Or are you saying that it's difficult to figure out that appple.com is doing something

Re:

[sjames]

No need for that, just go after the obvious frauds. We can find them by actually doing something about it when people tell police "This site is a fraud".

Where have we heard this before?

[hyades1]

So just like always, some powerful agent seeking to invade the privacy of individuals more comprehensively uses "security" as an excuse. Meanwhile, methods that could make the existing system far more secure (while preserving anonymity for those who need it) are ignored.

If I remember correctly, Google just got caught investigating ways to help China's Big Brother regime weaponize its search engine by turning it into a government-friendly propaganda tool. Google needs to be told in no uncertain terms to shove this so far up its corporate arse the whole board gets a sore throat.

No, it's not

[rickb928]

"Uniform Resource Locators are the familiar web addresses you use everyday."

So far, so good.

"They are listed in the web's DNS address book"

Uh, NO. That's DNS, and that works with the part before slashes etc, right up to and including the TLD (.com, .edu, .info for example).

"and direct browsers to the right Internet Protocol addresses that identify and differentiate web servers"

Um, partly, that's DNS. Then the URL includes the info that web server needs to find and deliver whatever you were looking for.

Who writes this crap anyways? Can't we get this right now and then?

Other than that, I think the idea is not merely dangerous, it's unnecessary. Websites could solve this with simpler URLs, like their own individual versions of .bit/ly-type shortening. Let's encourage them and the software they depend on to make their visions publishable, instead of fixing what isn't broken, merely inconvenient...

Re:

[mi]

"They are listed in the web's DNS address book"

Yes. Whoever put this sentence together does not know first thing about DNS. He should not be writing for "Wired".

Whoever copy-pasted this junk into a Slashdot submission should be banned from ever submitting again, and the editor who let the submission through ought to be suspended without pay. From a metal hook. By the rib...

Trusted?

[Mr307]

I forget when it started but for some time now when a company like Google, Facebook or Twitter (and a few others i'm sure) and the word 'trusted' is used at the same time, I just assume they are up to something and its probably not good for free speech, individualism or personal responsibility.

Seems like yet another thin edge of the wedge towards us all 'needing to be protected' from ourselves.

aol, msn, now google?

[kiviQr]

Are they trying to get obsolete by creating a default home page from where you can access information they control? good luck, who is next?

how about ssl?

[kiviQr]

SSL/certificates solves website legitimacy issue.

how about homoglyphs?

[tepples]

I don't see how TLS PKI solves the problem of someone registering "WE11SFARGO.COM", obtaining a domain-validated certificate for "WE11SFARGO.COM", and using that domain name and certificate to impersonate Wells Fargo Bank.

Knowing programmers

[plopez]

They'll probably want a 16 hexadecimal string with a dotted 48 bit octal sub identifier. Because it's obvious.

Re:

[ooloorie]

They'll probably want a 16 hexadecimal string with a dotted 48 bit octal sub identifier. Because it's obvious.

Google wants that because it drives more traffic to their search engine.

URL replacement

[Todd Knarr]

For me, the replacements are search results and bookmarks in the browser, with URLs being strictly a machine-usable form used inside software. Whose site I can reach through a given bookmark (or what content is at that page) and whether it's owned by who I think it is (via SSL certificate match usually, although DANE would be better) is everything most users want, the rest should be the equivalent of an IP address.

Can these fu***** please stop killing the web?

[gweihir]

Seriously. Don't fix things that are not broken.

Re:

[nwaack]

It's not "fixed" until Google can monetize it.

Re:

[gweihir]

Obviously.

confusing story

[trb]

I agree that there are problems with URLs the way they have been used. I think google is addressing a real problem. But I think the article is confusing and mixes and confuses several problems

- domain name handling in general "They (URLs?) are listed in the web's DNS address book..."
- domain name spoofing (i.e. goog1e instead of google)
- url-rewriting, shortening, and redirection
- encoding cryptic data in URLs
- tracking links
- etc.

At one point in time, the "path" component (after the first single slash)

Oh noes, using the innerwebs is hard!

[ichthus]

In short, you navigate to WIRED.com to read WIRED...

Yeah, damn! I see what you mean. So unnecessarily difficult.

Please no

[MBGMorden]

This will just turn out like so many other "improvements" - so many modern UI's try to get around user incompetence by trying to get things into people's faces so blatantly that there's often little rhyme or reason to how things work.

All this has an actual negative impact on people who know how to use computers well though. It used to be that if you understood the general paradigm of UI design for a given platform you could pickup just about any program and figure it out within a short period of time. All

We stopped teaching it.

[eepok]

"People have a really hard time understanding URLs"

Well, no, not really- not in the infinitive sense. URLs can be ugly and thus hard to decipher unless you have a little bit of education or experience on the matter.

It's hard as in "People have a really hard time doing long division" (until they're taught it) and not ""People have a really hard time understanding hypercubes" (because thinking beyond 3-dimensional space is foreign to the human experience).

If we simply teach people the standards ins and outs o

I'm going to fucking kill the URL

[TeknoHog]

*throws chair*

Re:

[sinij]

I never expected to have to say this, but MS under Ballmer was a lot less evil than what exists today. Ballmer never attempted to have Windows spy on consumers for profit.

Who died and left Google's Chrome team...

[rnturn]

... in charge of the Internet?

Has anyone at Google bothered to propose an RFC so that this can be discussed? Or are they just going to make these pronouncements and push this into practice through their size?

Attempts to fix this.

[jd]

1. Ted Neilson's Xanadu. Never got off the ground.

2. IPv6. The original spec required all Internet traffic to be over IPSec, with server networks using digital certificates to prove their identity.

3. Class 3 SSL certificates. These were certificates released if the person could prove their identity and could prove they had the right to the certificate. Nothing more for user certificates, proof of ownership of domain name and business for server certificates.

4. Smart web pages. If you're using AJAX and servlets, everything can be done in data, you don't need to mess with the URL.

The result? A few of these are utilized, but most webmasters either don't understand the technology, won't use it or have been ordered not to by their boss.

Hacking the URI bar won't change that.

If Google wanted a better system, they'd start by looking at TUBA, one of the IPng/IP6 candidates. If you can uniquely express a resource with an address, you can give it a name. TUBA has infinitely variable length addresses, so it's easy to code a directory path into the physical address. It's an address so it can be given a unique name.

Your webserver is now a virtual network rather than a filesystem.

That doesn't sound like what they're doing.

Re:

[SuricouRaven]

I'd add hash-based links, like magnet and IPFS. They've found a niche, but are too cumbersome for general use. Perhaps the full backing of Google could make IPFS mainstream, but even then it'd only work for static content.

Who would've thought?

[llamalad]

From "do no evil" to adopting MicroSoft's Embrace, Extend, Extinguish strategy.

They proved it works with their handling of RSS and now they're moving on to "extending" the web where people can either comply with Google insinuating itself as the main (or sole) arbiter of identity or else get de-ranked in search results.

It's the end of the web as we know it.

Whatever happened to running out of IP4 addresses?

[Vegan Cyclist]

On a similar note, I recall a lot of hubbub a few years ago about us being about to run out of IP4 addresses... Have we all switched over to IP6 quietly..? Or is there still a disaster about to befall us? Inquiring minds want to know (but are too lazy to search for it..haw haw..let's be social and converse instead!)

needs to be an open process

[ooloorie]

That reach and influence can be divisive, though, and as Chrome looks ahead to its next 10 years, the team is mulling its most controversial initiative yet: fundamentally rethinking URLs across the web.

Any changes to the URL system should be arrived at in an open, participatory, voluntary manner, not by a 800 pound gorilla with massive commercial self-interest and a history of censorship throwing around its weight. That is, if there is one team I don't want to design this, it's a Google team.

Furthermore, it

Block or Mark a warning to all confusing URLs

[FeelGood314]

Step 1: If the URL is from one of the new domains just block it. They are all shit. If the URL is in PUNY code (non-ASCII display) and it isn't mostly characters that are not significantly different from the Roman letters block it, otherwise display the name of the language set and mark it with a warning. Sorry rest of the world but having a few thousand character sets that often overlap is a security nightmare.

Step 2: If the URL has multiple sub domains in it, list the top domain first. Make an exce

I've Been Advocating Reputational Identities

[Slicker]

I have experimented with the idea of Reputational Identities for sought and offered things over a mesh network (calling it, BigMesh). I think it works really well. The gist of it is:

Every entity has an ID through which it/they can post things offered and/or things sought to the mesh. These may be blog articles, tutorials, products, services, or whatever. Each are descripted by a tree of details, such as: Sought: article( topic:"robots" or "artificial intelligence"; price: $0 ); quality > 15

The mesh

Fake

[Tailhook]

Google does not want to "kill" URLs.

The Wired story quotes plans to attempt changing how URLs are displayed:

But this will mean big changes in how and when Chrome displays URLs. We want to challenge how URLs should be displayed and question it as we’re figuring out the right way to convey identity.

They cite previous experience when they attempted an "origin chip," later removed. Again, this was only an attempt to render things in a simpler manner. At no point in the story does any Google representative propose replacing URLs; all that language comes from the Wired writer. Maybe one could illegitimately surmise that some constraint on URLs might be implied in all this but there is no conceivable way to reach "KILL!" That's just fake.

This is Wired clickbait parroted by Slashdot.

Life imitates art

[Shooter6947]

Didn't Dilbert suggest this back in 1998 [dilbert.com].

EV SSL Security

[ironicsky]

Their argument is user security. For the nominal cost and slight headache of setting up an EV certificate, businesses could just do that instead, and Google search, chrome and other browsers could highlight websites as ID Verified. Since EV certificates require a URL to be cross checked against a physical business with government registration, its less likely someone will register a website pretending to be "Facebook" or "Mastercard" if browsers enforced EV for high profile targets.

Phishing sites

[tsa]

The URL is often the only way to recognize phishing sites. If the URL disappears, how do we then recognize them?

So Google wants to replace the web?

[Qbertino]

A proposition that is a tad awkward, since they've already basically taken over the web. ... Whatever.

If you want to replace URLs, your basically replacing the web. If you want to do that, good luck. It better be a really good replacement, with open standards and premium reference implementations and some really awesome stuff like meshing, state and offline built right in. Plus some amazing programming language to build and run things on it.

In short: Good luck with that.

Google could do it, but I doubt even

Re:

[iggymanz]

sure let's let a U.S. corporation trying to build a marketing database on everyone for their advertising clients dictate the planet's web standards

You could certainly make URLs invisible to users.

[hey!]

But you'd still have URLs under the covers. Or you'd end up re-inventing them.

Some years ago I spent time pondering all the possible ways things could be identified in a system. I came up with three broad, non-mutually exclusive strategies:

(1) Analytically: identify a thing by a set of properties which are unique to it (e.g. relational primary keys);
(2) Algorithmically: use an algorithm that is guaranteed to issue identifiers that are unique in the required scope (e.g. UUIDs for global scope, or within re

Back to the future

[bickerdyke]

I, for one, welcome our new AOL keywords.

Re:

[ChoGGi]

This right here is what I came to say ^

Just show the domain from the cert for the address bar until you click on it, then show the actual url.

Re:

[Riceballsan]

well you still have to LOOK at it, and have some moderate understanding of the workings... even slashdot knowing it has a supposedly tech savy target demographic, does something most browsers etc... fails to do, (it takes the time to point out where the site really is). Say if I linked to https://bankofamerica.actually... [actuallycriminals.com] your average human would see that as a bank of america site, with some refrence to actually criminals. you and I (and slashdot's post reader), clearly realizes that the primary page is

Re:

[IcyWolfy]

That logic tends to fail for RTL languages where Right side is more important.
And ambiguous (Vertical), for which I do not know of any research about which direction gets meaning priority. As writing is vertical RTL; but horizontal LTR Chinese/Japanese.

Re: Why reinvent the wheel?

[jd]

Yes, but only Class 3 matters and everyone bought the cheapo ones instead.

Re:

[clovis]

Whatever steaming pile is on offer from Google, it would be nice if we could at least do away with little-endian hostnames.

That would be an easy fix and probably stop most of the phony sites right there. So it's not going to happen.

Re:

[ctilsie242]

I cannot agree more. Qubes is a very good solution. Next to that is using VMs for everything. Web browsing is done in one VM, banking and stuff in another, etc. Plus, some VM programs support encryption, further ensuring that data doesn't get lost. With decent backups and something like VMWare Workstation's AutoProtect [1], you have decent recoverability as well.

[1]: Snapshots are not backups. This is why having some form of backup, even just suspending the VM, and throwing the encrypted thing onto s