"Google’s Chrome turned 10 yesterday, and Google has major plans for where to take the browser from here — including options that could revamp how we experience the internet at its most fundamental level — the URL. For the past few years, Google has been considering how to transform the Uniform Resource Locator system into something that scales more effectively for the modern web.
In a conversation with Wired, Adrienne Porter Felt, Chrome’s engineering manager, noted the numerous downsides of URLs:
People have a really hard time understanding URLs…They’re hard to read, it’s hard to know which part of them is supposed to be trusted, and in general I don’t think URLs are working as a good way to convey site identity. So we want to move toward a place where web identity is understandable by everyone—they know who they’re talking to when they’re using a website and they can reason about whether they can trust them. But this will mean big changes in how and when Chrome displays URLs. We want to challenge how URLs should be displayed and question it as we’re figuring out the right way to convey identity.
There’s no doubt that this is a fair point. Simple link obfuscation — making the text of a hyperlink appear to point to a destination while the actual URL is something entirely different — is an easy way to launch attacks against users, including users who are generally on-guard against these kinds of attacks. If we enthusiasts are being honest, we’ll acknowledge that even those of us who absolutely know better have accidentally clicked a link we should’ve realized wasn’t legitimate. No matter how security-minded you are, you’ve made a mistake at some point in your life. The idea of reforming the URL and creating something new and hopefully more secure is a good idea, but it’s also an idea that Google has pushed for before. Back in 2014, the company rolled out changes to Chrome that turned URLs into what Google called “origin chips,” with the URL bar/search bar being dedicated entirely to search.
Google hasn’t commented exactly on what feedback it received from this 2014 experiment, but whatever it got led it to move away from origin chips. That particular feature never made it out of Chrome’s beta releases. And while I recognize that Google’s concerns about URL security and legitimacy are accurate, it seems disingenuous for the very company that helped turn URLs from simple links to sprawling aggregate lists stuffed with other data to pretend it played no part in fostering the very disaster it now wants to fix. There was a time when I didn’t need to install browser extensions just to copy a URL out of Google Chrome without it being stuffed with a ton of crap that I, as the end-user, don’t need and extract no value from.
That fact alone should raise eyebrows when Google declares it wants to improve the internet for the good of everyone, banishing those pesky URLs in the process. If you know how to read them, URLs tell you a great deal about how data is being fed to publishers regarding your activities online. It’s by no means everything — in fact, there’s an ocean of other data also being passed along under the hood — but there’s still value in being able to see and analyze that information when needed.
It’s telling that Google’s preferred options for URLs back in 2014 fundamentally obfuscates so much of this information. It’s the ultimate method of hiding data — people can’t notice the degree of information being extracted from their lives and relayed about them based on how much they click if they literally can’t see that the URL contains such data in the first place. And while 10 years ago such concerns might have seemed banal, we now know that each of these data points represents a mosaic that’s been woven around all of us. There is literally no such thing as unimportant data. Ironically, we can thank Google itself for teaching us that lesson. If, after all, such information was unimportant or non-valuable, why would anyone be bothering to collect it in the first place?
URLs suck. They’re unwieldy. They’re confusing. They’re inconvenient to communicate to people if you don’t have a pen and paper handy, and good URLs that stick in your head the first time you hear them are difficult to come by. The proliferation of domain extensions allows for tremendous flexibility but also opens the door to copycat sites, squatters, phishers, and all manner of other neer-do-wells. Google isn’t wrong about these points. I don’t think anyone particularly enjoys having to share the sorts of links that transform into four pages of seemingly random code when pasted into an IM box.
"But it’ll be a cold day in hell before I’d trust Google, of all companies, to come up with a replacement scheme. I don’t doubt that Google would attempt to solve many of the genuine security issues that plague the URL concept. It’s everything they’d likely bake in beside it that I’m unwilling to countenance. The companies that helped break the existing system shouldn’t be the ones in charge of fixing it."