Google engineers are working on a replacement for the URL

[Matrix]

The big picture: DNS servers have been helping us get to websites almost effortlessly for decades now, but Google thinks its time for change. It says URLs have become to complicated and unwieldy and are easily exploited by phishing schemes. It wants to introduce something new, but it's not quite ready to reveal just what that is yet.

Google Chrome celebrated its tenth birthday today with a major design overhaul. The browser features a whole new look, better tabs (including customization), and a password manager, among other things. Chrome engineers are far from done though. In addition to considering features and functions it can add to the browser down the road, the team is focusing much effort on finding a way to change URLs.

Uniform Resource Locators, or URLs as they are more commonly known, were created to make web IPs more user-friendly. In other words, instead of having to type “184.173.241.66” to go to a website, we can use a URL like "techspot.com." However, over the years URLs have become more complicated and therefore easier to exploit by hackers.

“People have a really hard time understanding URLs,” Chrome's Engineering Manager Adrienne Porter Felt told Wired. “They’re hard to read, it’s hard to know which part of them is supposed to be trusted, and in general I don’t think URLs are working as a good way to convey site identity.”

Indeed, URLs have become so untrustworthy that I do not even click on links that my bank sends me in its official communications. I will instead visit the bank’s website from my bookmarks which I know I can trust. Phishing has become sophisticated enough that fake URLs that look authentic are not even hard to create any more.

“So we want to move toward a place where web identity is understandable by everyone—they know who they’re talking to when they’re using a website and they can reason about whether they can trust them,” said Porter Felt. “We want to challenge how URLs should be displayed and question it as we’re figuring out the right way to convey identity.”

This idea is easier said than done. Even within the Chrome team, engineers are divided on how to accomplish this. Porter Felt and Chrome’s Chief Engineer Justin Schuh claim that they have some ideas on how to approach the problem, but it is too early to reveal anything, especially since they cannot agree on what would work best.

"It’s important we do something because everyone is unsatisfied by URLs. They kind of suck."

“The focus right now, they say, is on identifying all the ways people use URLs to try to find an alternative that will enhance security and identity integrity on the web while also adding convenience for everyday tasks like sharing links on mobile devices,” said Wired.

The Chrome team already knows that whatever they propose will be controversial. Change is almost naturally resisted when something new is suggested. This is especially true for long-established protocols. However, reluctance to change is no excuse to continue using something that is inherently broken.

“I do know that whatever we propose is going to be controversial,” said Parisa Tabriz, director of engineering at Chrome. “Change will be controversial whatever form it takes. But it’s important we do something because everyone is unsatisfied by URLs. They kind of suck.”

Google has considered the problem with URLs before. In 2014 they tested “the origin chip,” which just showed the name of the website a user was browsing. Clicking the chip would reveal the entire URL. The feature received mixed reviews in the beta period, so they pulled it. The team says it is using the feedback it received back then to inform its current efforts.

There is no timeline for when engineers may implement something, but Porter Felt said that they would be more willing to talk about the details later this fall or next spring.

 

Source

[nir]

Google wants to change the way we interact with URLs

 

'Everyone is unsatisfied by URLs. They kind of suck.'

 

Google's done a lot with Chrome -- and by extension, our relationship with the internet -- in its relatively short life. Autofill, ad management, web encryption... These are all things that were at one time pretty ground-breaking, but which we now simply take for granted. Now, following the browser's 10th birthday and coinciding with its major redesign, Google has announced it's thinking about Chrome's Next Big Thing: killing the URL.

 

URLS -- or Uniform Resource Locators -- are fairly straightforward in principle. They serve as the address of the website you want to visit, directing browsers to the right place on the right web servers. Simple enough when it comes to home pages and single-page sites, but beyond these, URLs have become long and complex, full of strings of nonsense numbers and letters. Link shorteners and redirect software only makes things more complicated, and Google says the resulting confusion has helped to boost cybercrime, with nefarious individuals impersonating legitimate sites or launching phishing schemes to take advantage of users that can't really be sure what's going on with the pages they're visiting.

 

So Google wants to rethink the URL. Speaking to Wired, Chrome's engineering manager Adrienne Porter Felt said: "They're hard to read, it's hard to know which part of them is supposed to be trusted, and in general I don't think URLs are working as a good way to convey site identity. So we want to move toward a place where web identity is understandable by everyone—they know who they're talking to when they're using a website and they can reason about whether they can trust them. But this will mean big changes in how and when Chrome displays URLs. We want to challenge how URLs should be displayed and question it as we're figuring out the right way to convey identity."

 

Google's had a go at rethinking the URL before. Back in 2013 it experimented with the "origin chip", which was bundled into a Chrome pre-release, but eventually discontinued following criticism. So what could it look like this time around? No-one's actually sure. Chrome's director of engineering, Parisa Tabriz, told Wired, "I don't know what this will look like, because it's an active discussion in the team right now. But I do know that whatever we propose is going to be controversial. That's one of the challenges with a really old and open and sprawling platform. Change will be controversial whatever form it takes. But it's important we do something, because everyone is unsatisfied by URLs. They kind of suck."

 

That being said, Porter Felt revealed that Google will be in a better place to discuss its ideas later this year or early next. And no doubt its suggestions will be controversial, particularly considering its vested interest in the way people browse the internet. Still, subject to community scrutiny, a URL rethink could have a positive impact on the overall security of the web. And it probably wouldn't take that long to get used to it -- we tend to happily accept everything else Google throws our way, after all.

 

Source

[psyko666]

GOOGLE WANTS TO KILL THE URL

 

Google's Chrome browser turns 10 today, and in its short life it has introduced a lot of radical changes to the web. From popularizing auto-updates to aggressively promoting HTTPS web encryption, the Chrome security team likes to grapple with big, conceptual problems.

 

That reach and influence can be divisive, though, and as Chrome looks ahead to its next 10 years, the team is mulling its most controversial initiative yet: fundamentally rethinking URLs across the web.

 

Uniform Resource Locators are the familiar web addresses you use every day. They are listed in the web's DNS address book and direct browsers to the right Internet Protocol addresses that identify and differentiate web servers. In short, you navigate to WIRED.com to read WIRED so you don't have to manage complicated routing protocols and strings of numbers. But over time, URLs have gotten more and more difficult to read and understand. As web functionality has expanded, URLs have increasingly become unintelligible strings of gibberish combining components from third-parties or being masked by link shorteners and redirect schemes. And on mobile devices there isn't room to display much of a URL at all.

 

The resulting opacity has been a boon for cyber criminals who build malicious sites to exploit the confusion. They impersonate legitimate institutions, launch phishing schemes, hawk malicious downloads, and run phony web services—all because it's difficult for web users to keep track of who they're dealing with. Now the Chrome team says it's time for a massive change.

 

"People have a really hard time understanding URLs," says Adrienne Porter Felt, Chrome's engineering manager. "They’re hard to read, it’s hard to know which part of them is supposed to be trusted, and in general I don’t think URLs are working as a good way to convey site identity. So we want to move toward a place where web identity is understandable by everyone—they know who they’re talking to when they’re using a website and they can reason about whether they can trust them. But this will mean big changes in how and when Chrome displays URLs. We want to challenge how URLs should be displayed and question it as we’re figuring out the right way to convey identity."

 

If you're having a tough time thinking of what could possibly be used in place of URLs, you're not alone.

Academics have considered options over the years, but the problem doesn't have an easy answer. Porter Felt and her colleague Justin Schuh, Chrome's principal engineer, say that even the Chrome team itself is still divided on the best solution to propose. And the group won't offer any examples at this point of the types of schemes they are considering.

 

The focus right now, they say, is on identifying all the ways people use URLs to try to find an alternative that will enhance security and identity integrity on the web while also adding convenience for everyday tasks like sharing links on mobile devices.

 

"I don’t know what this will look like, because it’s an active discussion in the team right now," says Parisa Tabriz, director of engineering at Chrome. "But I do know that whatever we propose is going to be controversial. That’s one of the challenges with a really old and open and sprawling platform. Change will be controversial whatever form it takes. But it’s important we do something, because everyone is unsatisfied by URLs. They kind of suck."

 

The Chrome team has been thinking about URL security for a long time. In 2014, it tried out a formatting feature called the "origin chip" that only showed the main domain name of sites to help ensure that users knew which domain they were actually browsing on. If you wanted to see the full URL, you could click the chip and the rest of the URL bar was just a Google search box. The experiment garnered praise from some for making web identity more straightforward, but it also generated criticism. Within a few weeks of showing up in a Chrome pre-release, Google paused the origin chip rollout.

 

"The origin chip was Chrome's first foray into the space," Porter Felt says. "We discovered a lot about how people think about and use URLs. [But] frankly, the problem space proved harder than we expected. We're using the feedback that we received back in 2014 to inform our new work."

 

Similarly, Tabriz notes that the team faced a lot of pushback for its HTTPS web encryption initiative. Chrome's transition to treat encrypted websites as standard and call out unencrypted sites as insecure seemed radical at first. But the team collaborated with other browsers and tech companies to spread the change across the web and promote encrypted connections that protect user privacy. "Something as basic as HTTPS, everyone in the security community agrees it's good," Tabriz says. "But you make a change and people freak out. So whatever we do here I know it’s going to be controversial. It just takes a long time."

 

Porter Felt says the group will be more ready to talk publicly about its ideas this fall or in the spring. And the group notes that the goal isn't to upend URLs haphazardly, but to enhance a vision that is already in place, given that entity identification is foundational to the overall security model of the web. But coming from a company as influential as Google, and one with such powerful vested interest in how people browse and use the web, community scrutiny of any proposal Google puts forth will be crucial.

As Emily Stark, a technical lead at Chrome puts it, the project is the URLephant in the room.

 

 

 

Source

[Rekkio]

Goolag Chrome joins their friend Mozilla Deadfox like they didn't want to be late at the party 

Turning their browser into a jail. Their users will be safe since they can't do anything to begin with.

 

Mainstream official browsers for you 

[DKT27]

I can understand making easy for common users, but this is quite a crap thing if implemented. In fact, this can cause security issues I think.

[psyko666]

6 minutes ago, DKT27 said:

I can understand making easy for common users, but this is quite a crap thing if implemented. In fact, this can cause security issues I think.

 

Stupid indeed, if implemented I will return to Firefox after all those years again.

[DKT27]

Did not see another topic is already posted about it.

 

Topic merged.

[steven36]

I was using Firefox when using IE was still cool after wining  the 1st browser war against Netscape Aka Firefox,  before they ever was a Google Chorme and guess what I'm still using Firefox  after Google won the 2nd browser wars against IE .If it was not for the EU suing M$   most of us would still be using  IE . Google and Firefox caught a lucky break was all. If businesses didn't adopt Google Chrome like they did it would still be only a thing with home users  on desktop PCs .

 

Google trying do away with URLs i guess they want  to be the W3C and make the rules, because they invented the url system and the WWW not Google.. Sooner or latter some Government is going saw Googles ego in half, like they done to M$ a few times.. They got the EU mad at them over Android  and they got the  USA mad at them for not sending a higher up person to talk to congress about there search engine and YouTube.   They need too chill out because the more they do the worse it looks for them. 

[nIGHT]

It's a huge business that's the reason why anyone wants to take control of it, even the gov'ts .