Slashdot Mirror

← Back to Stories (view on slashdot.org)

Google Wants To Kill the URL (wired.com)

Posted by msmash on from the shape-of-things-to-come dept.

As Chrome looks ahead to its next 10 years, the team is mulling its most controversial initiative yet: fundamentally rethinking URLs across the web. From a report: Uniform Resource Locators are the familiar web addresses you use everyday. They are listed in the web's DNS address book and direct browsers to the right Internet Protocol addresses that identify and differentiate web servers. In short, you navigate to WIRED.com to read WIRED so you don't have to manage complicated routing protocols and strings of numbers. But over time, URLs have gotten more and more difficult to read and understand. The resulting opacity has been a boon for cyber criminals who build malicious sites to exploit the confusion. They impersonate legitimate institutions, launch phishing schemes, hawk malicious downloads, and run phony web services -- all because it's difficult for web users to keep track of who they're dealing with. Now, the Chrome team says it's time for a massive change.

"People have a really hard time understanding URLs," says Adrienne Porter Felt, Chrome's engineering Manager. "They're hard to read, it's hard to know which part of them is supposed to be trusted, and in general I don't think URLs are working as a good way to convey site identity. So we want to move toward a place where web identity is understandable by everyone -- they know who they're talking to when they're using a website and they can reason about whether they can trust them. But this will mean big changes in how and when Chrome displays URLs. We want to challenge how URLs should be displayed and question it as we're figuring out the right way to convey identity."

If you're having a tough time thinking of what could possibly be used in place of URLs, you're not alone. Academics have considered options over the years, but the problem doesn't have an easy answer. Porter Felt and her colleague Justin Schuh, Chrome's principal engineer, say that even the Chrome team itself is still divided on the best solution to propose. And the group won't offer any examples at this point of the types of schemes they are considering. The focus right now, they say, is on identifying all the ways people use URLs to try to find an alternative that will enhance security and identity integrity on the web while also adding convenience for everyday tasks like sharing links on mobile devices.

40 of 282 comments (clear)

  1. In other news, Google wants to track you more by sinij · · Score: 5, Insightful

    It is not acceptable for Google that some browsing bypasses Google search engine when people directly type in URLs.

    1. Re:In other news, Google wants to track you more by think_nix · · Score: 3, Insightful

      or analytics services, adservice.google.com, apis.google.com, id.google.com, google crawlers, list goes on and on. Seriously though since late 90's early turn of the century with the initial launch of search which is nowhere near the original purpose of the service, I cannot think of one great advancement google has done to better anything on the web.

    2. Re:In other news, Google wants to track you more by tlhIngan · · Score: 2, Interesting

      It is not acceptable for Google that some browsing bypasses Google search engine when people directly type in URLs.

      Remember the great dot-com shootout in the early 00's? Back when people wanted very special .com addresses because that's how people found you, by stumbling about composing URLs?

      Sites like sex.com, pets.com, books.com etc. etc. - those domains sold for $$$$$ back in the day. Nowadays it matters a lot less,because everyone Googles rather than tries random URLs. Doesn't hurt that half of the URLs you try will lead to a malware site these days.

  2. RIP Web by Anonymous Coward · · Score: 3, Insightful

    Google, just doing its part in ripping the last bits of the 'web' to shreds. I guess they really do want their search engine to be the place from which all information originates.

    1. Re:RIP Web by skids · · Score: 5, Insightful

      URI/URL effectively died a decade or so ago when savage PHP coders and their armada of "content
      management systems" violated the usage guidance on them and then took years to rediscover the
      concept on their own (as "permalinks").

      Though I'd say the initial first blow was the constant rearranging of static sites by companies that
      apparently had nothing better to do than pay people to move files around for no good reason.

      --
      Someone had to do it.
  3. Finally! by p4ul13 · · Score: 5, Funny

    It's about time we revert back to the future with the AOL keywords we all have been sorely missing from our lives!!!

    --
    Paul Lenhart writes words!
    1. Re:Finally! by thegreatbob · · Score: 2

      Alternative future: AOL is the new SCO, and continues to harass the goog for decades for trying to knock off its model.

      --
      There is no XUL, only WebExtensions...
  4. What the hell is this bullshit? by Rick+Schumann · · Score: 5, Insightful

    PRO-TIP: There's this magical thing called a bookmark that stores all those 'so-over-complicated' URL thingies under a name that you can even change yourself so your teeny little human brain can understand it! Ain't that amazing?</extreme_sarcasm>

    Seriously, Google, what the actual fuck is wrong with you?
    Or is it that people have become so fucking dumb that they really can't type in {website}.{top_level_domain}? Considering all the stupid shit I see in the news pretty much every single day anymore I'd be very tempted to believe that, too.

    1. Re:What the hell is this bullshit? by SirSlud · · Score: 2

      I love it when dumb people lament how dumb everyone has become.

      --
      "Old man yells at systemd"
    2. Re:What the hell is this bullshit? by Riceballsan · · Score: 2

      I don't think they are implying people don't know how to type cnn.com into their browser to get to cnn's webpage, they have trouble understanding that when they get an e-mail linking to http://www.cnn.notascam.com/st...

    3. Re:What the hell is this bullshit? by Rick+Schumann · · Score: 3, Insightful

      I read the article so fuck you. They want to 'child proof' shit because people are dumb but childproofing everything just creates more problems. How about we EDUCATE people better so they're not so dumb anymore? People get more and more done FOR them by some automation or service or whatever and they never learn to do shit for themselves and over time it just makes them dumber and dumber.

    4. Re:What the hell is this bullshit? by Reziac · · Score: 2

      Didn't there used to be a plugin called something like Link Decombobulator, that decoded, sanity/safety-checked, and previewed these messy links?

      If there's not, there should be; problem solved.

      --
      ~REZ~ #43301. Who'd fake being me anyway?
  5. Solution by 110010001000 · · Score: 3, Insightful

    I can guess what Googles solution will be: if you want to host web content you need to purchase a virtual website on their cloud and then they will issue you a code that people can use to type or scan into Chrome. After all, think of the terrorists and/or the children.

  6. AOL by Anonymous Coward · · Score: 2, Insightful

    With Google mail and voice and everything else and now this. I guess Google wants to be the 21st century AOL.

    At least we won't have to worry about the endless stream of CDs in the mail.

  7. Back to AOL? by agiacalone · · Score: 4, Interesting

    Didn't AOL try this back in the 90s with the 'AOL Keyword'? IIRC, it failed miserably.

    1. Re:Back to AOL? by bigpat · · Score: 3, Insightful

      Didn't AOL try this back in the 90s with the 'AOL Keyword'? IIRC, it failed miserably.

      Actually AOL keywords were very very successful and AOL charged big bucks to sell keywords to companies, but eventually domain names and URLs were cheaper to get (unless someone else registered it first) and the DNS system wasn't a monopoly so competition drove down prices further.

  8. People have a really hard time understanding URLs by Anonymous Coward · · Score: 2, Insightful

    People have a really hard time understanding URLs

    Understatement of the year. "People" don't understand URLs at all. That doesn't mean we should let Google be the arbiter of identity on the internet.

  9. I didn't see a Request For Comments anywhere... by HotNeedleOfInquiry · · Score: 5, Interesting

    That used to be the first step in an internet protocol change. Does Google well and truly own the internet now?

    --
    "Eve of Destruction", it's not just for old hippies anymore...
    1. Re:I didn't see a Request For Comments anywhere... by squiggleslash · · Score: 4, Interesting

      RFCs are what you issue when you have a proposed standard. Right now Google are just saying "URLs suck, know what I mean? Right? You agree right?" which isn't really a "proposed standard" any more than "You know, it'd be awesome if I could send some text across the Internet" would have been enough to issue RFC 822.

      --
      You are not alone. This is not normal. None of this is normal.
    2. Re:I didn't see a Request For Comments anywhere... by mu51c10rd · · Score: 2

      Does Google well and truly own the internet now?

      Yes. Or can you tell me the last time you "Bing'd" something or "Yahoo'd" something?

    3. Re:I didn't see a Request For Comments anywhere... by sinij · · Score: 2

      Don't duck his questions.

  10. Where have we heard this before? by hyades1 · · Score: 3, Interesting

    So just like always, some powerful agent seeking to invade the privacy of individuals more comprehensively uses "security" as an excuse. Meanwhile, methods that could make the existing system far more secure (while preserving anonymity for those who need it) are ignored.

    If I remember correctly, Google just got caught investigating ways to help China's Big Brother regime weaponize its search engine by turning it into a government-friendly propaganda tool. Google needs to be told in no uncertain terms to shove this so far up its corporate arse the whole board gets a sore throat.

    --
    I've calculated my velocity with such exquisite precision that I have no idea where I am.
  11. No, it's not by rickb928 · · Score: 3, Interesting

    "Uniform Resource Locators are the familiar web addresses you use everyday."

    So far, so good.

    "They are listed in the web's DNS address book"

    Uh, NO. That's DNS, and that works with the part before slashes etc, right up to and including the TLD (.com, .edu, .info for example).

    "and direct browsers to the right Internet Protocol addresses that identify and differentiate web servers"

    Um, partly, that's DNS. Then the URL includes the info that web server needs to find and deliver whatever you were looking for.

    Who writes this crap anyways? Can't we get this right now and then?

    Other than that, I think the idea is not merely dangerous, it's unnecessary. Websites could solve this with simpler URLs, like their own individual versions of .bit/ly-type shortening. Let's encourage them and the software they depend on to make their visions publishable, instead of fixing what isn't broken, merely inconvenient...

    --
    deleting the extra space after periods so i can stay relevant, yeah.
  12. Too many TLDs by Comboman · · Score: 5, Interesting

    The recent expansion of Top Level Domains make it even more difficult. google.corn (that's GOOGLE.CORN in lower case) looks a lot like google.com in certain fonts.

    --
    Support Right To Repair Legislation.
  13. Knowing programmers by plopez · · Score: 2, Insightful

    They'll probably want a 16 hexadecimal string with a dotted 48 bit octal sub identifier. Because it's obvious.

    --
    putting the 'B' in LGBTQ+
  14. Re:How about dealing with the problem, not the cau by PraiseBob · · Score: 2

    maybe we should start arresting criminals -- you know, like in every other part of life -- instead of trying to make consumers play their own game of cops and robbers every minute of every day.

    I live in the inner city of a high crime city. Anytime I walk outside, I have to pay attention, since there are dangers lurking nearby. I don't expect the police to make everything totally safe, nor would I want to live in the kind of absolute police state environment that it would require. Similarly, I don't want a "totally safe" internet, where all content is curated and carefully vetted.

  15. Re:Why reinvent the wheel? by ChoGGi · · Score: 2

    This right here is what I came to say ^

    Just show the domain from the cert for the address bar until you click on it, then show the actual url.

  16. Can these fu***** please stop killing the web? by gweihir · · Score: 3, Insightful

    Seriously. Don't fix things that are not broken.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  17. Re:People have a really hard time understanding UR by sjames · · Score: 2

    People have a hard time understanding street addresses. Lets just assign every address a single 12 digit number and pay a private corporation a zillion dollars to provide a lookup service.

  18. Re:How about dealing with the problem, not the cau by holophrastic · · Score: 2

    I'm not suggesting either one.

    I'm suggesting that after a crime has been committed, reported, and identified, that police then arrest those responsible.

    It's not about making crime difficult, and it's not even about deterring future criminals. It's simply about making the price of crime much much higher than it is today.

  19. I'm going to fucking kill the URL by TeknoHog · · Score: 3, Funny

    *throws chair*

    --
    Escher was the first MC and Giger invented the HR department.
    1. Re:I'm going to fucking kill the URL by sinij · · Score: 2

      I never expected to have to say this, but MS under Ballmer was a lot less evil than what exists today. Ballmer never attempted to have Windows spy on consumers for profit.

  20. Re:What's really sad by xetovss · · Score: 5, Informative

    Not only does Google want more stuff to go through them they are complicit if not one of the prime agitators of this phenomenon.

    For example to get directions to go from the White House to the US Capitol you get this URL (used the quotes so can see the whole URL w/o having to scroll over): "https://www.google.com/maps/dir/The+White+House,+1600+Pennsylvania+Ave+NW,+Washington,+DC+20500/US+Congress+-+Sergeant+at+Arms,+1+S+Capitol+St+SW,+Washington,+DC+20515/@38.8950631,-77.0311265,15z/data=!3m1!4b1!4m13!4m12!1m5!1m1!1s0x89b7b7bcdecbb1df:0x715969d86d0b76bf!2m2!1d-77.0365298!2d38.8976763!1m5!1m1!1s0x89b7b7b057914a6b:0x617d58ed260bc5e2!2m2!1d-77.0090646!2d38.8899056"

    All of the characters after the +20515 is completely unneeded for the above link to work. "https://www.google.com/maps/dir/The+White+House,+1600+Pennsylvania+Ave+NW,+Washington,+DC+20500/US+Congress+-+Sergeant+at+Arms,+1+S+Capitol+St+SW,+Washington,+DC+20515" is all that is needed for the link to work, and can even whittle that down more by another 49 characters to "https://www.google.com/maps/dir/1600+Pennsylvania+Ave+NW,+Washington,+DC+20500/1+S+Capitol+St+SW,+Washington,+DC+20515" and it would still work. Perhaps they should start leading by example and fix what they helped create instead of worrying about what to replace it with.

  21. Attempts to fix this. by jd · · Score: 2

    1. Ted Neilson's Xanadu. Never got off the ground.

    2. IPv6. The original spec required all Internet traffic to be over IPSec, with server networks using digital certificates to prove their identity.

    3. Class 3 SSL certificates. These were certificates released if the person could prove their identity and could prove they had the right to the certificate. Nothing more for user certificates, proof of ownership of domain name and business for server certificates.

    4. Smart web pages. If you're using AJAX and servlets, everything can be done in data, you don't need to mess with the URL.

    The result? A few of these are utilized, but most webmasters either don't understand the technology, won't use it or have been ordered not to by their boss.

    Hacking the URI bar won't change that.

    If Google wanted a better system, they'd start by looking at TUBA, one of the IPng/IP6 candidates. If you can uniquely express a resource with an address, you can give it a name. TUBA has infinitely variable length addresses, so it's easy to code a directory path into the physical address. It's an address so it can be given a unique name.

    Your webserver is now a virtual network rather than a filesystem.

    That doesn't sound like what they're doing.

    --
    It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
  22. Bank of ARNERICA by tepples · · Score: 2

    TLD protection won't help you when a scammer buys "BankOfARNERICA.COM", or when a lot of legitimate businesses outside Colombia are setting up their online presence with a Colombian (.CO) domain anyway. Or would you prefer to contribute to Internet balkanization by blocking Irish sites like MODERN.IE (web dev resource by Microsoft) and British Indian Ocean Territory sites like GITHUB.IO by default if the device happened to geolocate to a different country at first browser launch? In particular, British Indian Ocean Territory is uninhabited.

  23. Re:little-endian hostnames by clovis · · Score: 2

    Whatever steaming pile is on offer from Google, it would be nice if we could at least do away with little-endian hostnames.

    That would be an easy fix and probably stop most of the phony sites right there. So it's not going to happen.

  24. Re:What's really sad by dwpro · · Score: 2

    to be fair, they also offer this from their website: https://goo.gl/maps/FbEetWBSGz...

    --
    Millions long for immortality who do not know what to do with themselves on a rainy Sunday afternoon. -- Susan Ertz
  25. Fake by Tailhook · · Score: 4, Informative

    Google does not want to "kill" URLs.

    The Wired story quotes plans to attempt changing how URLs are displayed:

    But this will mean big changes in how and when Chrome displays URLs. We want to challenge how URLs should be displayed and question it as we’re figuring out the right way to convey identity.

    They cite previous experience when they attempted an "origin chip," later removed. Again, this was only an attempt to render things in a simpler manner. At no point in the story does any Google representative propose replacing URLs; all that language comes from the Wired writer. Maybe one could illegitimately surmise that some constraint on URLs might be implied in all this but there is no conceivable way to reach "KILL!" That's just fake.

    This is Wired clickbait parroted by Slashdot.

    --
    Maw! Fire up the karma burner!
  26. Life imitates art by Shooter6947 · · Score: 3, Funny

    Didn't Dilbert suggest this back in 1998.

  27. Re:What's really sad by Junta · · Score: 4, Insightful

    There's too long, but then there's also indecipherable.

    URL shortening services are actually another problem for phishing, since it obfuscates the link by design.

    --
    XML is like violence. If it doesn't solve the problem, use more.