Google wants to kill url
In early September, Google Chrome browser turned 10 years old, and in his short life he introduced many radical changes to the web. Chrome's security department loves to deal with big and conceptual problems, from the popularization of automatic updates to the aggressive promotion of HTTPS encryption. Such an influence and such scope can lead to a division of opinions; and while Chrome is planning its work for the next ten years, the team is considering the most controversial initiative of all: fundamentally changing the work of the URL throughout the web.
The Uniform Resource Locator (URL) is a familiar web address that you use daily. These addresses are listed in the DNS address book, and they redirect browsers to the correct Internet Protocol (IP) addresses, which help to distinguish and identify web servers. That is, you go to habr.com and read Habr, not bothering with complex routing protocols and sequences of numbers. But over time, URLs became more and more difficult to read and understand. With the expansion of the network functionality, URLs are increasingly turning into illegible lines from every kind of hodgepodge, combining components of third-party services or masquerading as link shorteners and redirection schemes. And on mobile devices there is no place at all to display the entire URL.
The resulting opacity allowed the cybercriminals who create malicious sites to exploit this mess. They pretend to be real organizations, launch phishing schemes, distribute links to download malicious applications, organize fake web services — all because web users find it difficult to track who they are dealing with. And now, according to the Chrome team, it is time for a major change.
"People really have difficulty with URLs," says Adrienne Porter Felt, technical manager for the Chrome team. “They are hard to read, hard to understand, which parts of them should be trusted, and in general, I don’t think that the URLs correctly convey the identity of the site.” And we want to move to where the identity of the web is clear to everyone - so that they know who they communicate with using the website, and can rationally talk about whether they can be trusted. But it will mean a big change in how and when Chrome shows the URL. We want to challenge the method of displaying URLs and questioning them, moving towards a suitable representation of identity. ”
If it's hard for you to imagine that you can use it instead of a URL, then you are not alone. Scientists have been considering options for years, but this problem does not have a simple answer. Porter Felt and her colleague Justin Schuh, the chief engineer of Chrome, said that even on the Google team, opinions were divided on this issue. And while the group does not offer any examples of the proposed schemes.
They say they are focusing on defining all the ways people use URLs to try to find an alternative that will increase the security and integrity of the web identity, while adding convenience to everyday tasks like sending links to other people on mobile devices.
“I don’t know how it will look like so far, because at this time there’s an active discussion on the team,” said Paris Tabriz [Parisa Tabriz], director of the team. “I know one thing: whatever we offer, it will be a controversial decision. This is one of the obstacles in working with a very old, open and widespread platform. The changes will be contradictory, whatever form they take. But it is important to do at least something, because the URL does not satisfy anyone. URL sucks. "
The Chrome team has been thinking about URL security for a long time. In 2014, she attempted to introduce a formatting function called a “piece of the original” [origin chip], showing only the main domain name of the site to help users understand which domain they actually are on. To see the entire URL, you could click on a piece, and the rest of the URL input field worked as a Google search field. The experiment received not only positive ratings for improving the identity of the web, but also a lot of criticism. After a few weeks of running the feature in the preliminary version of Chrome, the team suspended the release of this feature.
“The source slice was Chrome’s first invasion of a new business,” says Porter Felt. “We learned a lot about how people envision and use a URL. But to be honest, the problem turned out to be more serious than we expected. We use the feedback received in 2014 to reflect on our current work. ”
Also, Tabriz notes that the team faced a serious negative reaction to its HTTPS encryption initiative. Chrome’s transition to stating encrypted sites as a standard, and calling unencrypted unsafe, seemed radical at first. But the team worked together with other browsers and technology companies to spread these changes throughout the web and promote encrypted messages that protect the privacy of users. “Among the security men, everyone agrees on the need for such a basic thing as HTTPS,” says Tabriz. - But it is worth making a change, and people immediately start to panic. Therefore, no matter what we do, I know that this will prove controversial. Just for such things take time. "
Porter Felt says the group will be ready to talk about their ideas in the fall or spring. The group notes that their goal is not to turn the use of URLs upside down without any logic, but to improve an already existing idea, given that the identification of objects is the basis of the entire web security model. But since these proposals will come from such an influential company as Google, which has such an interest in how people surf the web and use it, the community’s attention to any company proposal will be critical.
As one of the managers of the Chrome team, Emily Stark, says, this project calls for the beginning to notice the following project [ the project is the URLeant in the room/ reference to the English saying about the possibility not to notice the obvious, the roots of which lie in Krylov's fable "The Curious " / approx. trans. ].