Will Google’s Efforts In Refining Chrome URL Display & Website Identity Strengthen Security?
Redesigning a platform or an application is always done to refresh the look. Google is working on making a user safe on Google Chrome. Google is stressing on how URL is shown in the Omnibox, the address bar.
First Google came up with Trickuri and now they are working on alerting users from potentially suspicious URLs.
In this post, we talk about the efforts made by Google to ensure the privacy and security of a user while browsing the internet on Chrome.
What Is Trickuri?
Trickuri is an open source tool which can be used by developers to test if their app displays URL correctly and regularly under various scenarios. The new Chrome alerts are under testing.
Google Chrome’s Usability Security Lead, Emily Stark told that they are facing difficulties in creating heuristic rules which could correctly point out malicious URLs meanwhile avoid false positives.
In an interview with WIRED, Emily Start said, “Our heuristics for detecting misleading URLs involve comparing characters that look similar to each other and domains that vary from each other just by a small number of characters. Our goal is to develop a set of heuristics that pushes attackers away from extremely misleading URLs, and a key challenge is to avoid flagging legitimate domains as suspicious. This is why we’re launching this warning slowly, as an experiment.”
The URL is the face or identity of an entity online. Whenever a user needs to check whether a website is genuine or phishing free or not, then they check the URL. However, not everyone knows that it is not enough. The components in URL doesn’t necessarily mean the same in syntax.
Google has always insisted website owners on using HTTPS and it has been adopted by browser developers, therefore the users have also started preferring those websites.
This is one of the attempts to ensure a safe online experience to the users. Well, this is not the end. Google is working on more. They are planning to set user awareness on pertinent parts of the URL. For that, they are improving Chrome to show these portions meanwhile saving users from unnecessary hodgepodge
While in an interview with WIRED, Google Chrome’s Engineering Manager, Adrienne Porter Felt, shared thoughts on how users perceive the URL:
People have a really hard time understanding URLs. They’re hard to read, it’s hard to know which part of them is supposed to be trusted, and in general, I don’t think URLs are working as a good way to convey site identity. So, we want to move toward a place where web identity is understandable by everyone—they know who they’re talking to when they’re using a website and they can reason about whether they can trust them. But this will mean big changes in how and when Chrome displays URLs. We want to challenge how URLs should be displayed and question it, as we’re figuring out the right way to convey identity.
Well this is all part of a process and even Google is not sure what would be the end result.
Let’s check the changes made by Google in refining URLs
- Google removed ‘HTTP’‘ from the Omnibox in April 2010
- Google started testing a feature allegedly known as the “origin chip”, in May 2014. This was its first try to change the display of the URL, although it has been put on hold.
- Google started rating some HTTP websites as not secure in Jan 2017
- Google began to identify HTTP websites with a search box as not secure in October 2017.
- Google began to mark all HTTP websites as not secure in July 2018.
- Google excludes the Secure mark from HTTPS pages in Sept 2018.
- Google eliminates www in URLs along with m, which used to indicate that web address is for mobile users in Sept 2018. Google also started displaying a Not secure warning to users when they start to input data on HTTP pages Along with this, the company also removed the file:// scheme in the same month.
- Google announced Trickuri for developers in Jan 2019.
With the change in URLs, there will be certainly a change in redirection schemes, SEO and many other things. But the question is how will developers, consumers and businesses will prepare for the changes in URL.
Well, the answer to this is unknown as the changes of the URL are still under testing and the response to it could be all kind of crazy. So, until the changes are not released, all we can do is wait to know how the changes can strengthen the online security of a user.