To make the web safer, Google says URLs must die
Can the web exist without internet addresses? And if so, how do you navigate? These are some of the controversial questions that Google is asking as it tries to make the World Wide Web a safer place for all netizens.
While the idea of abandoning web addresses may seem radical for a company that has built its business on indexing and ranking web pages whenever a user searches for a specific term, if Google is successful in making the internet a safer, more trustworthy place, users and advertisers may place even greater trust in its search results.
The problem with URLs is that they’re difficult to understand, and hackers prey on this confusion to launch malicious sites, initiate phishing attacks, disseminate false information, or spread malicious software. A recent McAfee report suggests that cyberattacks cost the world $600 billion last year, and the number of attacks are rising.
“So we want to move toward a place where web identity is understandable by everyone — they know who they’re talking to when they’re using a website and they can reason about whether they can trust them,’” said Chrome engineering manager Adrienne Porter Felt in an interview with Wired. “But this will mean big changes in how and when Chrome displays URLs. We want to challenge how URLs should be displayed and question it as we’re figuring out the right way to convey identity.”
The link between web identity and URLs has become less relevant in recent years with the rise of URL shorteners. These shorteners obscure long web addresses with an easy to remember and easy to share URL, but may also make it easier for hackers to mask illegitimate sites. At one point, Google also operated its own URL shortening program, but it announced earlier this year that it was replacing the service with Firebase Dynamic Links. These dynamic links send users to any place within an Android, iOS, or web app, making it easier to share specific content.
At this point, Google doesn’t know what a web without addresses will look like. In 2014, the company experimented with an origin chip in Chrome. The short-lived feature displayed just the main domain name of a website, but clicking on the search box revealed the full web address. Most recently, Google tried to make the web safer by alerting users whenever they visited an insecure site, notifying them that the web address they’re visiting doesn’t use the HTTPS standard.
Google admits that it’s still still trying to understand how people use URLs. So far, the Chrome team hasn’t revealed what proposals it’s considering for what a URL-less web would resemble, and Porter Felt said that her colleagues are divided on a solution, which will be revealed by fall or spring. Google must balance security and convenience, making it easy for people to share links across multiple devices.