Why Google Wants to Ditch Traditional URLs – The Security and Usability Battle

21CTO Digest: Google has been considering how to save internet resources, and now it wants to eliminate URLs.

According to reports, Google plans to transform the URL system and adopt a new method for locating network resources.

A URL (Uniform Resource Locator) is the familiar web address that indicates where a network resource resides and serves as the mechanism for retrieving it. URLs appear in HTTP pages, FTP transfers, mailto links, JDBC database connections, and many other applications.

Defined in 1994, URLs have been used for over two decades, becoming essential for everyday browsing and a powerful tool for developers. However, as the network environment grows more complex, URLs have become increasingly difficult to read and understand in two main ways.

First, URLs are being replaced by garbled strings, such as the widely used short‑link technique that compresses a long URL into an unintelligible short string.

These garbled strings are decoded by browsers to enable normal access, but they hide significant security risks because users cannot visually discern the destination. Malicious actors can exploit this opacity to conduct phishing attacks, impersonate legitimate institutions, or direct victims to harmful sites—similar to the current crisis surrounding QR codes, where lack of transparency prevents users from knowing where they will be taken.

Second, on mobile devices the full URL often cannot be displayed due to limited screen space, making it hard to read.

To address these problems, Google proposes a major redesign of URLs, seeking a completely new way to convey website identity.

Chrome engineering manager Adrienne Porter Felt said that URLs are hard to understand and are not an effective way to convey site identity. She added, "People find it difficult to know which URLs can be trusted, and I don’t think the URL itself is a good way to convey a site’s identity. So we want to reform it so that anyone can understand any web identity and judge whether a site can be trusted when they use it."

The new approach aims to enhance network security and identity integrity while adding convenience for everyday tasks, such as easier link sharing on mobile devices.

Google has not yet released concrete examples of the new scheme. Chrome director of engineering Parisa Tabriz noted, "I don’t know what the new solution will look like; the team is actively discussing it, and whatever we propose will inevitably spark controversy. URLs are a very old, open, and massive system, and any transformation will be contentious, but we still want to improve it."

Historically, Chrome has tackled URL security. In 2014, it experimented with an "origin chip" that displayed only the site’s primary domain to help users see which site they were actually visiting. The experiment received mixed reactions and was eventually abandoned.

Chrome’s push for HTTPS also faced resistance, with some critics accusing Google of being too aggressive. Porter acknowledged that any change to URLs will be controversial and that the redesign has a long road ahead.

With the rollout of Chrome 69, the browser removed the "www" and second‑level subdomains from the address bar, treating them as meaningless. For example, "www.21cto.com" now appears as "21cto.com".

Users can still force Chrome to show the full address and subdomains by disabling the flag at chrome://flags/#omnibox-ui-hide-steady-state-url-scheme.

Double‑clicking the address bar still reveals the full URL, and copying the shortened address and pasting it elsewhere yields the complete URL.

Compiled by the 21CTO community Source: https://www.techrepublic.com/article/chrome-69-kills-off-www-in-urls-heres-why-googles-move-has-made-people-angry/