Hacker News new | past | comments | ask | show | jobs | submit login

I understand their motivation, but in none of the articles murmuring about them "taking away the URL", I have never so far seen any concrete approach how their replacement could look.

Even if you are willing to sacrifice the "you can write them on a napkin and share them with everyone" feature, it's not clear to me what other identifier would fundamentally solve the identity problem:

Even if you forced every website to get an extended validation certificate from a preselected CA and then based website identity solely on the certificates, what would stop you from registering a misleading company name? (There are precedents for that, btw. Search for "World Conference Center Bonn Scandal" if you want to read some hilarity)

Additionally, as the article mentions itself:

> The big challenge is showing people the parts of URLs that are relevant to their security and online decision-making, while somehow filtering out all the extra components that make URLs hard to read.

I feel the approaches we have seen so far rest on the assumption that the top and second level domains of the hostname are the only "important" parts of an URL and the rest can be hidden. I think this assumption is simply false, even for a vast number of non-technical use-cases: Often, "identity" is not just about the organisation behind an URL but also about the content - e.g., you'd like to know which article of a blog a link leads to.

More importantly, many sites are divided into user profiles, where the identity of a user is given by a subdomain or a path segment. Just knowing you're on "https://facebook.com" doesn't tell you whether you're viewing the actual profile you want to view.

Finally, even the "cruft" is sometimes important, if only for knowing it's there. E.g., I frequently remove tracking/referral arguments before sharing a link - both to make the link easier to remember and to disrupt tracking.

Also, unrelated:

> The Chrome security team has taken on internet-wide security issues before, developing fixes for them in Chrome and then throwing Google's weight around to motivate everyone to adopt the practice

Is that how we imagined internet governance to work? Didn't we have standards bodies like the W3C or the IETF that were supposed to make decisions on that scale?




> Search for "World Conference Center Bonn Scandal" if you want to read some hilarity

FYI: I tried, and the only Google result is this exact HN post.


Ah, apologies. I guess my optimism was too great that this made more than local news.

I can't find an english-language article about the story, so here is a german one:

https://m.dw.com/de/der-bauskandal-um-das-world-conference-c...

To summarize the story:

Bonn used to be the capital of West Germany during the Cold War. When that was over, however, Berlin got reassigned as capital and Bonn went back to being a mostly ordinary small town.

They never quite got over the demotion though and the city made numerous attempts at staying internationally relevant. One project was to become a UN base of operations for Germany. Apparently for that, it's a requirement that your build an oversized hotel and conference venue.

The city had trouble finding investors for the project, but eventually a korean company - "SMI Hyundai" stepped forward.

If you want to believe the official records, then apparently due diligence went out the window at the mention of the name "Hyundai". City officials assumed that they were somehow affiliated with the automaker and were quick to trust them with city-backed loans in the millions.

It turned out they were scammers and not even remotely capable of contributing to the project. In the end, the city had damage of several 100 million euros.

The company had never had any relation to the automaker either. It just "happened" to have the term "Hyundai" in its name...




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: