
Google wants to get rid of URLs but doesn’t know what to use instead - pestkranker
https://arstechnica.com/gadgets/2018/09/google-wants-to-get-rid-of-urls-but-doesnt-know-what-to-use-instead/
======
josefresco
We build websites for small business, many biz owners:

\- Do not know what or where the "address bar" is.

\- To visit their website, they will "google" (the verb) their website address
(or biz name) - which leads to newly launched website owners thinking their
website isn't accessible/online.

Chrome and other browsers combining the address bar with the search box has
only made this situation worse.

~~~
checkyoursudo
My side of the phone call (sometimes multiple times with the same customer):

What do you mean "the site isn't coming up"?

OK, I'll take a look right now... yep, it loads just fine.

Can't find it? Just type the domain name in to the address bar...

No, that's the search bar, I mean, you can use that, but it's only been a
couple of days and [search engine] probably hasn't indexed it yet.

OK, if you want to look at it right now, then type the name of your website
into the text field at the very top.

What do you mean it still isn't coming up? It loaded fine for me.

...It's not in the list of links... OK, that's still [search engine] results.
How about this, type the name of your site, plus the dot com, and nothing
else. Got it?

OK, now press enter.

Tada!

~~~
maxerickson
I wonder why you don't adjust your expectations?

~~~
josefresco
What would "adjust your expectations" look like exactly? While these clients
are the minority, it happens often enough that I'd like to find a solution.

------
jerf
It sounds to me like this is more of a problem with the _domain_ system, and
the way it embeds into a URL, than a problem with URLs as a whole. Browsers
have already largely hacked off the protocol in the front, and even Google
couldn't get rid of the path & querystring (though we can continue to work
towards hiding more of it from the average user if that is desirable), so it
seems likely this is all about the domain, and the difficulty of mapping what
domains really mean to what end users think it means.

To boil it down to one example, how do you solve the problem of someone
setting up secure.citigroup.accountmanagement.com and have an end-user
understand that that's a phishing site? I mean, for goodness' sake, authority
in the DNS chain is read _backwards_. How many users are going to read that
and see ".com" as the root and technically most important element, rather than
"secure"?

I'm not commenting on any possible solution since this article doesn't even
sketch one. I'm just trying to apply the principle-of-charity to the article
and come up with the most plausible interpretation, and the one most
interesting to have a discussion about.

My own commentary is that I'm not sure if there is an answer that's any better
than beating on domain names until they work as well as possible. The only
other alternative I see is a centralized authority of some sort, and while
that is likely to potentially work better than what we have now for maybe
about 5 years, the negative consequences after that as the central authority
learns to spread its wings and exert control to extract money from people and
abuse its authority to push some agenda outweigh the safety.

~~~
romaniv
_> My own commentary is that I'm not sure if there is an answer that's any
better than beating on domain names until they work as well as possible._

GUId per domain. No hierarchy. Peer-to-peer sharing. Cryptographically signed
user-comprehensible metadata that's resolved through some quorum protocol or
stored in a blockchain.

URLs are fine, but the idea that identity of a website is embedded into its
"location" is silly. Google owns gmail.com, but Steam/valve doesn't own
steam.com. How am I supposed to know that as a user?

Really, the usecases for domain names names have completely changed since the
time DNS was conceived.

~~~
jerf
"GUId per domain. No hierarchy. Peer-to-peer sharing. Cryptographically signed
user-comprehensible metadata that's resolved through some quorum protocol or
stored in a blockchain."

That mostly solves technical problems, but technical problems are (probably)
not what is driving this effort. Is a user supposed to know that
d6998147-a7a2-485a-ac5f-74dddebfe070 is legimately Steam, but
d69a2b76-96ca-4d7e-b25c-c5a69848e070 is not? Who verifies the metadata for
accuracy? Who says you can't register Bank Of Ａmerica? Those problems, and the
other problems like them, are the hard problems, not cryptographically signing
the answers to those hard problems. Crypto is easy by comparison.

~~~
romaniv
The problem with DNS is that it mixes a lot of almost unrelated problems
together. Here are some things domain names solve:

1\. Aliasing/abstraction of IP addresses. Being able to change physical
location or server of a service without reconfiguring everything.

2\. Mnemonics for getting to a particular server.

3\. Indicator that a server belongs to a particular organization or company.

4\. Grouping services together so they can share resources (like cookies).

DNS solves all of those problems, but not particularly well.

#1: You need to deal with a lot of BS when all you need is stable identifier.

#2: There is a lot of contention around domain names. Users prefer to use
search instead of typing long domains. There is no particular reason why my
mnemonics should be the same as for everyone else.

#3: Similar-looking domain names used for phishing. Users don't understand DNS
hierarchy. Expiration. Hijacking. A tree structure isn't enough anymore. And
so on. This one is particularly bad. Like you said, it's not just a technical
problem.

#4: Just look at HTTP security headers and all the iframe issues.

The problem #3 can be solved separately from the rest. The rest are relatively
simple technical problems if you consider them in isolation and we could solve
them much better than DNS does.

------
mscasts
Whatever Google comes up with I'm pretty confident that I will disagree
heavily with. URLs is fantastic, solves the problem well and basically has
little to no issues. There is no need to fix something that is not broken.

Thanks, but could you please stop trying to control the web Google?

~~~
maxerickson
It's not about getting rid of URLs, it's about not displaying them to most
users. From the Wired article Ars probably based their writeup on (Ars links
it):

 _" People have a really hard time understanding URLs," says Adrienne Porter
Felt, Chrome's engineering manager. "They’re hard to read, it’s hard to know
which part of them is supposed to be trusted, and in general I don’t think
URLs are working as a good way to convey site identity. So we want to move
toward a place where web identity is understandable by everyone—they know who
they’re talking to when they’re using a website and they can reason about
whether they can trust them. But this will mean big changes in how and when
Chrome displays URLs. We want to challenge how URLs should be displayed and
question it as we’re figuring out the right way to convey identity."_

~~~
rauhl
> It's not about getting rid of URLs, it's about not displaying them to most
> users.

And one of their incentives in doing so is that Google is an alternative to
URLs. Already many users Google ‘facebook’ and click on the first link rather
than just typing ‘facebook.com’ (or ‘face’ TAB ENTER).

Although I don’t believe I saw it in the article, it’s in Google’s interest to
mediate all access to the Internet for consumers — this isn’t fundamentally
different from Facebook’s VPN. It’s not in users’ interest, of course.

If they cared about security they could do something like display the domain &
the path separately, maybe on different lines (with maybe colour used to
distinguish HTTPs vice HTTP):

    
    
       news.ycombinator.com
       reply?id=…

~~~
staticassertion
People searching 'facebook.com' on google seems like an indication that urls
are already broken.

~~~
basscomm
People searching 'facebook.com' on google seems like a user education problem
to me.

In fact, if I was Google (and I was less scrupulous), that's the kind of
behavior I would encourage: train users to type destinations into Google,
serve up the results using AMP, obfuscate the whole thing by eliminating URLs,
then users will just stay in Google's ecosystem and never leave.

------
vorpalhex
Maybe instead we can have little badges called "Googs" that'll direct you to
the AMP version of a website. Obviously, you'll need to pay the Google for
this privilege. They'll make the design open source, but since their browser
and Firefox will only support the official "Googs" implementation, oss
versions will be dead from the start.

Letting a commercial company define a breaking web standard change won't have
any repercussions whatsoever.

~~~
Spooky23
Sounds like the 2018 equivalent to "Would you like to know more? Just enter
AOL Keyword: BAD IDEA"

------
bopbop
Similar to the Google push for AMP pages:

[https://news.ycombinator.com/item?id=17920720](https://news.ycombinator.com/item?id=17920720)
[https://www.polemicdigital.com/google-amp-go-to-
hell/](https://www.polemicdigital.com/google-amp-go-to-hell/)

There's a great comment about the link between these two over there:

[https://news.ycombinator.com/item?id=17923156](https://news.ycombinator.com/item?id=17923156)

------
protoster
Arstechnica isn't helping, the title and the article makes it seem like google
owns the web and is in charge of the standards.

------
gwbas1c
Do we really need to change the url system? What if we make it super-easy to
register a TLD?

What if there is an alternative system to verify that a website is owned by
someone? For example, what if the icon needs to be registered with some kind
of trademark-like entity, and the browsers made the icon more prominent?

~~~
eximius
It is super easy to register a tld. Type in the name, add to cart, purchase.

Using it is more difficult.

~~~
0xcde4c3db
That's for second/third-level domains (depending on the scheme of the TLD
they're under). To run a TLD you have to apply to ICANN and provide evidence
that you will actually be able to run the registry.

~~~
eximius
Oh, you're right, I wasn't paying attention.

Why would making that easy be a good thing, though? Seems like it would just
lead to tld squatting and poor performance .

------
TotempaaltJ
It makes a lot of sense to me to redesign how we display URLs. Right now, we
show them as a singular identifier, where the only thing we can tell the user
is to search for things inside that string of characters (look for https, or
look for bankname.com). We don't need to show the whole string of characters.

It seems very sensible to me to take the URL for what it is and communicate
that back to the user:

\- The protocol doesn't matter much to most people, except the implications it
has, so maybe show "encrypted" or "not encrypted" (and fallback to protocol
name for FTP and the like, most people won't ever touch that without knowing
what it is)

\- The domain is interesting: there's the TLD, which doesn't _really_ matter,
and the second level name, which matters a lot. Subdomains matter less. How
about we show it as a much more prominent "[ domain.com ]" with a less obvious
subdomain.

\- Paths are pretty generic all around: incrementally deeper descriptors
separated by forward slashes. Could definitely show that as a breadcrumbs-
style thing (might also make people care more about readable paths, which is
nice).

\- The query string should probably be shown as "tags" with a key and value,
since that's what they are.

\- The hash is a bit icky, but it might be enough to highlight that you're
linking to a place in the page.

Could be displayed as something like this:
[https://i.imgur.com/RfJoP23.png](https://i.imgur.com/RfJoP23.png)

------
otakucode
Welp, time to be afraid then. Google does not wait to find a replacement when
they don't like something. They destroy first, and then never get around to
coming up with anything to replace it. So get ready to embrace a future with
no address bar and with Google search being the only way to find and navigate
to pages. Just look at what they did with vertical side tabs in Chrome for a
perfect example. Google said they "didn't like how it looked" and "wanted to
find a better solution" so, despite the option being a hidden setting you had
to dig to even find and enable, they ripped it out of the browser. And to this
day, years later, there is no solution at all to having lots of tabs open. The
browser just rapidly fills the bar with tabs, shrinking them to utter
uselessness.

But at least Google doesn't have to tolerate something they find aesthetically
displeasing.

------
OisinMoran
I'm a bit late to the party here, and the following doesn't address a lot of
the concerns in the article (nor does it actually get rid of URLs), but for
anyone interested in alternatives to horribly long URLs or incredibly opaque
URL shorteners I made a fun little tool [0].

It's called ShortestSearch and in essence could be looked at as a reverse
Google in that you give Google search terms and it gives you a list of
websites, but for ShortestSearch you give it a website and it gives you a list
of search terms. All with the aim to perfect the art of "It should be the
first result if you Google 'x y z' ".

Also found the part of the article where it describes its own URL strangely
enjoyable.

[0]
[https://oisinmoran.com/ShortestSearch/](https://oisinmoran.com/ShortestSearch/)

------
romaniv
_> "Some URLs are good for sharing, others aren't."_

This is one of the things that definitely can be improved on. Having something
either in the URL or in page metadata to say "this is linkable". This doesn't
warrant a replacement, however.

------
DelightOne
Navigation is the problem.

Maybe go back to lists and hierarchies of lists like the old days. With `UUID`
behind it. Lists are at least navigatable.

So every URL would be part of at least one list and `URLs` point to lists. Or
something like that.

Example: Sites-I-Use List can be shown in the address-bar instead of the url
as green while a site I never used before can be shown as red. That’s not even
taking organization into account, or all the other myriad of useful usecases.

~~~
djstein
whoa there, let's not talk about sense

~~~
DelightOne
So its a bad idea? Well, at least its mine.

Anyway how often have you used URLs list-like?! And how often have you used
Google(which offers List by Search)?

~~~
djstein
I should have added an /s

------
souterrain
It's a bit disingenuous ars technica ledes with a screenshot of a homograph
attack that Chrome mitigated in March 2017, and really doesn't relate to the
article. [https://www.xudongz.com/blog/2017/idn-
phishing/](https://www.xudongz.com/blog/2017/idn-phishing/)

------
dstroot
The “World Wide Web” was based on only three concepts. A document markup
language, an document “universal resource location” (URL), and a tool that
could use the URL to retrieve the document and render the markup.

Breaking/obfuscating/demoting the URL is so fundamental I am shocked it would
even be suggested.

------
elicash
Given Google hasn't laid out any particular solution and they're still being
criticized, it seems to me that HN is so cynical of large tech companies
exercising their monopoly power (because of past practices) that they're
afraid of any effort to rethink the fundamentals of the web.

Which on one level makes sense. It's good to protect things that have made the
web great. However, it's also good to maintain a spirit of innovation and
willingness to question those things that people assume has to work a certain
way just because it's always worked that way.

When there's a specific proposal, and if that proposal is a bad one, attack it
on the merits. But there are real problems of security and user friendliness
when it comes to URLs and I don't see anybody else working on it. Does anybody
really think that it's impossible to improve and the way we do things now is
exactly the way we should be doing it 100 years from now?

------
zelon88
"...go to www dot COMPANY dot com, or AOL keyword COMPANY..."

------
lbriner
I'm not sure URLs have any major downsides. The full complexity is beyond most
people but most people don't need to understand anything more than how to type
www.something.com, it is the web application owner who has to understand them
and where most security problems live. Security is only a problem if the
server or web application have not been setup correctly.

It's no different than visiting a shop or a house where you should be able to
expect certain regulations to be met (insurance, building codes etc) and I can
see more countries starting to enforce country-wide codes for web sites,
annual checks, registrations, whatever for people to be allowed to trade in
that country.

------
s_dev
Is the implication that they want us all to use AMP?

------
shawnlower2
Half-baked idea: replace it with the x509 subject?

The route could be displayed less prominently to the right.

Preserve normal omnibar behavior for input.

------
lcnmrn
Browsers should only reable URLs, that means GET parameters shouldn't work.

------
jiveturkey
RealPaths (TM)

(ref to Real Names, for those not old enough to remember)

------
cat199
so, lets see..

we'll need a protocol. and a port. and a host. and then a resource on that
host. and to combine them together.

how about:

foo.html\80:net.host\\\:http

totally cool!

~~~
theandrewbailey
That's innovative! I don't know why we haven't been doing this before! \s

------
giancarlostoro
So how can I even link someone to content if this were the case?...

~~~
jtr_47
You'll have to use their "new" version of a URL.

Sounds like Google is becoming a bully ;p. They shouldn't reset standards of
World Wide Web.

