We all know that nothing on the web is safe. In fact, McAfee reports that cyber attacks last year alone cost the world about $600 billion. To make the matter worst, the number of these attacks are rising. And so what’s the root of all this evil?
URLs. Well, somehow.
URLs contributes a bigger pie to this problem. URLs are complicated, and this enough is a very reason for cybercriminals to use it to their advantage. They can launch websites that contain files with malicious contents, spread fake news, or initiate phishing attacks which could later lead to bigger problems like identity theft, reputation damages, credit card fraud among many others.
Also in a report by Anti-Phishing Working Group (APWG) last May, there are 60,926 live phishing websites globally as of December 2017. That is about a 10% increase from APWG’s November data which suggests that 54,322 of phishing websites were active during that month. 42% of the target industry sectors were related to online payment services.
In a data conducted by Vade Secure in North America, Microsoft leads the top ten most spoofed brands online, thanks to the advent of its Office 365. PayPal, which is the world’s most preferred online payment service, is coming at second, then followed by Facebook.
Chrome’s 10th birthday incites some interesting discussion for the betterment of the world wide web: complete removal of URL.
Chrome, in its short life, has introduced some radical changes in how we handle the web today. From its innovative way of managing the tabs, or the way it handles errors, it’s blazing speed and overall simplicity, Google’s homegrown web browser has helped shape the web as what it is today. And it never stopped there. Google’s recent initiative to promote HTTPS web encryption (basically Chrome is marking all HTTP sites as “not secure”), will aggressively nudge users away from unencrypted sites. But for Google and its security team, it is not enough.
“People have a really hard time understanding URLs,” Adrienne Porter Felt, Chrome’s engineering manager, told Wired. “They’re hard to read, it’s hard to know which part of them is supposed to be trusted, and in general I don’t think URLs are working as a good way to convey site identity,” he continued.
“So we want to move toward a place where web identity is understandable by everyone—they know who they’re talking to when they’re using a website and they can reason about whether they can trust them. But this will mean big changes in how and when Chrome displays URLs. We want to challenge how URLs should be displayed and question it as we’re figuring out the right way to convey identity.”
It doesn’t sound like an easy task. Removing the URL is redesigning the whole web, and it gets tougher when we think about how the web then will look like without this guiding line. Or how do we even execute the web? Google admits that it is still scarce of answers.
“I don’t know what this will look like, because it’s an active discussion in the team right now,” says Parisa Tabriz, director of engineering at Chrome. “But I do know that whatever we propose is going to be controversial. That’s one of the challenges with a really old and open and sprawling platform. A change will be controversial whatever form it takes. But it’s important we do something because everyone is unsatisfied by URLs. They kind of suck.”
Interestingly, even the Chrome team is still divided on the best possible solution to the problem. This could mean that there is actually not just a single proposal, but a couple more currently under considerations. Things Google will reveal this coming fall or spring.