{"id":14513,"date":"2019-02-06T11:10:06","date_gmt":"2019-02-06T19:10:06","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2019\/02\/06\/news-8263\/"},"modified":"2019-02-06T11:10:06","modified_gmt":"2019-02-06T19:10:06","slug":"news-8263","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2019\/02\/06\/news-8263\/","title":{"rendered":"Google Chrome announces plans to improve URL display, website identity"},"content":{"rendered":"

Credit to Author: Malwarebytes Labs| Date: Wed, 06 Feb 2019 18:16:47 +0000<\/strong><\/p>\n

\u201cUnreadable gobbledygook\u201d is one way to describe URLs today as we know them, and Google has been attempting to redo their look for years. In their latest move to improve how Chrome\u2014and of course, how the company hopes other browsers would follow suit\u2014displays the URL in its omnibox (the address bar), Google\u2019s Chrome team has made public two projects that usher them in this direction.<\/p>\n

First, they launched Trickuri<\/a> (pronounced as \u201ctrickery\u201d) in time for a talk they were scheduled to present at the 2019 Enigma Conference<\/a>. Second, they\u2019re working on creating warnings of potentially phishy URLs<\/a> for Chrome users.<\/p>\n

Watch out! Some trickery and phishing ahead<\/h3>\n

Trickuri is an open-source tool where developers can test whether their applications display URLs accurately and consistently in different scenarios. The new Chrome warnings, on the other hand, are still in internal testing. Emily Stark, Google Chrome\u2019s Usability Security Lead, confesses that the challenge lies in creating heuristic rules that appropriately flag malicious URLs while avoiding false positives.<\/p>\n

“Our heuristics for detecting misleading URLs involve comparing characters that look similar to each other and domains that vary from each other just by a small number of characters,” Stark said in an interview with WIRED<\/a>. “Our goal is to develop a set of heuristics that pushes attackers away from extremely misleading URLs, and a key challenge is to avoid flagging legitimate domains as suspicious. This is why we’re launching this warning slowly, as an experiment.”<\/p>\n

These efforts are part of the team\u2019s current focus, which is the detection and flagging of seemingly dubious URLs.<\/p>\n

Google Chrome\u2019s bigger goal<\/h3>\n

The URL is used to identify entities online. It is the first place users look to assess if they are in a good place or not. But not everyone knows the components that comprise a URL, much less what they mean in the syntax. Google\u2019s push for website owners to use HTTPS has rippled across browser developers and consequently changed user preferences to favor such sites. In effect, by pushing HTTPS, Google changed the game to give the user a generally safer online experience.<\/p>\n

However, Google wants to go beyond this, and are set on raising user awareness of relevant parts of the URL (so they can make quick security decisions). As a result, they are refining Chrome to present these parts while keeping users\u2019 view away from the irrelevant gibberish.<\/p>\n

In a separate interview with WIRED, Adrienne Porter Felt, Google Chrome\u2019s Engineering Manager, has this to say about how users perceive the URL<\/a>: \u201cPeople have a really hard time understanding URLs. They\u2019re hard to read, it\u2019s hard to know which part of them is supposed to be trusted, and in general I don\u2019t think URLs are working as a good way to convey site identity. So we want to move toward a place where web identity is understandable by everyone\u2014they know who they\u2019re talking to when they\u2019re using a website and they can reason about whether they can trust them. But this will mean big changes in how and when Chrome displays URLs. We want to challenge how URLs should be displayed and question it, as we\u2019re figuring out the right way to convey identity.\u201d<\/p>\n

While these may all sound good, no one\u2014not even Google\u2014knows what the final, new URL will look like at this point.<\/p>\n

A brief timeline of Google\u2019s efforts in changing the URL<\/h3>\n

Below is a brief timeline of attempts Google has made to how Chrome displays the URL in the omnibox:<\/p>\n