Skip to main content

Googler suggests a new way for Chrome to display URLs to combat phishing

One of the key controls found on every web browser is the address bar, where you can view the current page’s URL, edit it, or enter a new one. A Googler has proposed a potential new way for Google Chrome to display URLs in a way that could help fight back against phishing sites.

If you’re reading this, your browser is almost certainly on the URL “https://9to5google.com/2020/01/28/googler-chrome-urls-combat-phishing” or one close to it. To the typical internet denizen, every bit of that text makes sense, denoting that you’re securely connected to 9to5Google.com, reading an article about Chrome from January 28, 2020.

When used well, a URL can give you a sense of safety that you actually are on the site you intend to be browsing. For someone who is less savvy though, a page’s URL could be seen as useless, or worse, misinterpreted to be trustworthy when it in fact isn’t. These possibilities and more are among the many problems with URLs as we have them in today’s browsers, as pointed out in an episode of the podcast “HTTP 203,” hosted by Googlers Das Surma and Jake Archibald.

Rather than simply bemoaning the downfalls of URLs and the ways that browsers handle them, Archibald has proposed an alternative solution. Before doing so, he explicitly notes that this is not a Google-approved proposal and is not something that you should expect to see in Chrome in the near future.

Taking some of the best approaches from each browser and adding his own spin, Archibald suggests a new UI for the address bar which puts heavy emphasis on the most important part of a URL to use when deciding on a website’s authenticity, the “eTLD+1” or “base domain.” On this page, for example, the eTLD+1 would be “9to5google.com.”

By putting the focus here, as inspired by Firefox, it’s easier to spot that you may have inadvertently wandered onto a phishing site. This also helps portray that subdomains like “images.google.com” are from the same source as “google.com.” Meanwhile, URLs that are not from the same source despite sharing an eTLD+1, like sites hosted on GitHub Pages, are marked as separate, as seen above, thanks to Mozilla’s Public Suffix List.

On mobile, the proposed UI looks a great deal like Safari does on desktop, displaying only the eTLD+1 until you tap to look for more information. Google has already begun efforts to simplify the address bar by hiding the “https://” part until you click the URL, but this is quite a few steps further.

Overall, this is an interesting compromise between knowing that URLs are slowly becoming less useful over time but also aren’t going away any time soon. However, this whole concept could be thrown for a loop if another recent proposal is approved, allowing AMP pages to display the original page’s URL instead of the AMP-specific one.

What do you think of this URL proposal? Would you be okay with your mobile browser’s address bar not always displaying the full URL? Let us know in the comments.

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Google — experts who break news about Google and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Google on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Comments

Author

Avatar for Kyle Bradshaw Kyle Bradshaw

Kyle is an author and researcher for 9to5Google, with special interests in Made by Google products, Fuchsia, and uncovering new features.

Got a tip or want to chat? Twitter or Email. Kyle@9to5mac.com