Best Top Reviews Online

Google Takes Its First Steps Toward Killing the URL

Google desires to eliminate URLs. But first, it must demonstrate why.

Members of Google’s Chrome security team proposed, in September, to eliminate URLs as we know them. In actuality, the researchers do not advocate a change to the web’s underlying infrastructure. They do, however, want to rework how browsers communicate what website you’re viewing so that you don’t have to deal with increasingly long and incomprehensible URLs and the fraud that has developed around them. Tuesday at the Bay Area Enigma security conference, Chrome usable security lead Emily Stark will discuss Google’s initial steps toward a more robust website identity.

Stark emphasizes that Google is not attempting to create disorder by removing URLs. Instead, it aims to make it more difficult for hackers to profit from user confusion regarding the identity of a website. Currently, the endless fog of complex URLs provides attackers with cover for efficient scams. They can create a malicious link that leads victims to a phishing page despite appearing to lead to a legitimate site. Or, they can design malicious pages with URLs that resemble real ones, in the hope that victims won’t realize they’re on Google and not Google. With so many URL shenanigans to combat, the Chrome team is already working on two projects to bring clarity to users.

Stark told WIRED, “What we’re talking about is changing how site identity is presented.” “People should easily recognize the site they are on, and they should not mistakenly believe they are on another site. It should not require advanced knowledge of the internet to determine this.”

“A key challenge is to prevent legitimate domains from being flagged as suspicious,” – EMILY STARK, CHROME Google

So far, the Chrome team has focused on determining how to identify URLs that appear to deviate from standard practice. Launching in tandem with Stark’s conference presentation, TrickURI is an open-source tool that helps developers verify that their software displays URLs accurately and consistently. The objective is to provide developers with something to test against so they can determine how URLs will appear to users in various situations. Separate from TrickURI, Stark and her colleagues are also developing Chrome user alerts for potentially malicious URLs. The alerts are still undergoing internal testing, as the most difficult aspect is developing heuristics that accurately identify malicious websites while avoiding false positives.

For Google users, the Safe Browsing platform remains the first line of defense against phishing and other online scams. However, the Chrome team is investigating Safe Browsing enhancements that focus specifically on flagging dubious URLs.

“Our heuristics for detecting deceptive URLs involve comparing characters that resemble one another and domains that differ by a small number of characters,” Stark explains. “Our objective is to develop a set of heuristics that steers attackers away from extremely misleading URLs, and a key challenge is to prevent legitimate domains from being flagged as suspect. As an experiment, we are launching this warning gradually.”

Google says it has not yet rolled out the warnings to all Chrome users because the Chrome team is still refining the detection capabilities. And while URLs may not be going away any time soon, Stark emphasizes that Chrome’s presentation of URLs is being refined and more is being done to get users to focus on important parts of URLs. The greatest challenge is displaying the portions of URLs that are pertinent to a user’s security and online decision-making while filtering out all the unnecessary components that make URLs difficult to read. Sometimes, browsers must also assist users with the opposite problem, by expanding shortened or abbreviated URLs.

“The entire space is extremely difficult because URLs work so well for certain people and use cases at the moment, and many people adore them,” Stark says. “We’re excited about the progress we’ve made with our new open-source URL-display TrickURI tool and our exploratory new warnings for URLs that are easily confused.”

The Chrome security team has previously tackled internet-wide security issues, implementing fixes in Chrome and then using Google’s influence to encourage everyone to adopt the practice. Over the past five years, the strategy has been especially effective in promoting the widespread adoption of HTTPS web encryption. Critics of the strategy, however, are concerned about Chrome’s power and pervasiveness. The same influence that has been used to effect positive change may be misapplied or abused. And with something as fundamental as URLs, critics are concerned that the Chrome team may settle on website identity display strategies that benefit Chrome but not the rest of the web. Even ostensibly insignificant modifications to Chrome’s privacy and security posture can have significant effects on the web community.

In addition, a consequence of this pervasiveness is a reliance on risk-averse corporate customers. Katie Moussouris, founder of the responsible vulnerability disclosure firm Luta Security, asserts, “URLs as they currently function are frequently incapable of conveying a risk level that users can quickly identify.” “However, as enterprise adoption of Chrome increases relative to consumer adoption, the company’s ability to radically alter user interfaces and underlying security architecture will be constrained by customer pressure. Popularity carries with it not only the duty to keep people safe, but also the obligation to minimize changes in features, usability, and backward compatibility.”

If it sounds like a lot of difficult and frustrating labor, that is precisely the point. The next question will be how well the Chrome team’s new ideas perform in practice and whether or not they make the web safer.

*Correction January 29 at 21:30: The original version of this sentence stated that TrickURI uses machine learning to parse URL samples and test warnings for suspicious URLs. It has been revised to reflect that the tool evaluates whether software displays URLs consistently and accurately.

Why Trust Us?

Best Top Reviews Online was established in 2018 to provide our readers with detailed, truthful, and impartial advice on what to buy. We now have millions of monthly users from all over the world and annually evaluate over a thousand products.

The above article was written by the BestTopReviewsOnline team, which consists of some of the most knowledgeable technical experts in the United States. Our team consists of highly regarded writers with vast experience in smartphones, computer components, technology apps, security, and photography, among other fields.

Related Stories

  • All Post
  • Best Picks
  • Explainers
  • How To
  • News
  • Versus
The Rise of the Rookie Hacker – A New Trend to Reckon With

December 21, 2022

More zero-knowledge attacks, compromised credentials, and cybercrimes committed by Generation Z – trends and forecasts for 2022 and 2023. Cybercrime continues to pose a significant threat to individuals, businesses, and governments worldwide. Cybercriminals continue to exploit the pervasiveness of digital…

Thousands Of Citrix Servers May Be Vulnerable To Attack

December 30, 2022

Many servers remain unpatched, researchers are warning. Numerous Citrix ADC and Gateway servers continue to be susceptible to critical vulnerabilities that were reportedly patched by the company weeks ago, according to experts. Citrix discovered and patched an “Unauthorized access to…

Get more info

Deals

Reviews

Best Products

Buying Guides

Contact Us

About Us

We provide a platform for our customers to rate and review services and products, as well as the stores that sell them. We research and compare the most popular brands and models before narrowing it down to the top ten, providing you with the most comprehensive and reliable buying advice to help you make your decision.

Disclaimer

BestTopReviewsOnline.com is a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to Amazon.com. As an Amazon Associate I earn from qualifying purchases.

 

Address & Map

20 S Santa Cruz Ave, Suite 300, Los Gatos, CA 95030, United States

© 2022 BestTopReviewsOnline.com Pty. Ltd. All Rights Reserved. Licensing: All third-party trademarks, images, and copyrights used on this page are for comparative advertising, criticism, or review. As this is a public forum where users can express their opinions on specific products and businesses, the opinions expressed do not reflect those of BestTopReviewsOnline.com.