The Uniform Resource Locator has been the user-interface lingua franca of the internet for decades. A browser window just wouldn’t look right without it up there at the top. But as the web has matured into a GUI-driven, mobile-first, app-serving consumer operating system in its own right, the URL stubbornly persists as an arcane, command-line-esque relic of the internet’s ultra-geeky origins. Why?
Apple and Google seem to be wondering the same thing. A quick glance at their browsing apps seems to imply that the URL is being slowly but surely shown the door. The latest version of Apple’s Safari web browser only shows the domain name (i.e., apple.com) in the address bar. Google Chrome has encouraged users to treat the address bar like a search box (or “omnibox,” in Google parlance) for years. Google’s mobile search app currently buries full URLs in a tiny submenu-of-a-submenu.
Meanwhile, hackers can still use ill-designed URL addresses as hidden-in-plain-sight invitations for committing fraud and identity theft. Seriously: it’s 2015. Why can’t we design a better way to get around on the web?
I put the question to Jon Bell, a designer at Twitter who takes these kinds of details seriously enough to write 10,000-word UX critiques in his spare time. Bell began by referencing a famous quip about post-PC computing:
“The URL is in a similar transition,” Bell says. “Back in the day, you wanted to see exactly where you were on this crazy thing called the internet. But now, nobody is typing different directory structures [into the address bar] to see what happens. We’re not relying on SEO as much, and on mobile they’re just not relevant in the same way.”
Everything after the .com in a URL is “very truck-level stuff,” Bell says, which is why Apple and Google have been de-emphasizing it as much as possible. For most of us, the URL does two meaningful jobs:
- Tell us where we are or where we’re about to go, generally speaking. (Or as Bell puts it: “Am I still reading that article on Time.com or is this Twitter now?”)
- Provide a specific, portable, platform-agnostic pointer to something. (Or as I like to think of it, act like a “magic subway token” for anywhere on the web. Push this thing into the slot at the top of your browser, and poof, there you are.)
But neither of these jobs necessarily requires a long string of text — or any text at all, really—to accomplish at the interface level. Last year, Google actually experimented with killing the URL in its web browser and replacing it with something called the “origin chip.” This UI element shrunk full web addresses into a button-like label. (You could still see the whole URL by clicking it.)
The idea was that by hiding the alphabet soup of full URLs, the origin chip would make phishing attacks easier to spot. For example, an address like bankofamerica.com.ref.xnx.io may look official if you’re used to only reading the first part of URL (as many web users are). But the domain it actually points to is xnx.io, not bankofamerica.com. Since the origin chip strips out everything but the main domain, xnx.io would appear to the user as an obvious red flag.
Seems like a clear improvement—so why didn’t Google move ahead with it? Two words: unintended consequences. Within days of its release, security researchers discovered a bug in the “origin chip” that completely negated its anti-phishing function. Redesigning legacy UIs for added security is harder than it looks—and in this case, Google probably decided that the costs of introducing unfamiliar controls and unpredictable security holes into an already “good-enough” UI probably outweighed the benefits. “This is why you hear about new software vulnerabilities every other day,” Bell says. “Literally the smartest people in the world can’t predict where they’ll appear.”
Then again, mobile operating systems already provide Share buttons to move web addresses around without manual copying and pasting of text. Debugging issues aside, what’s really stopping us from GUI-izing the URL into oblivion (or obscurity), the same way the original Macintosh banished the command line?
To Bell, this is like comparing apples and oranges. Unlike the command line, “which was never relevant to Macintosh or Windows users”—the whole value proposition of those products, after all, was in not having to operate them via keyboard—the text URL is familiar to “everyone who has ever been on the internet, ever,” he says.
Not only that, it’s hard to beat plain text when it comes to uniquely labeling every one of trillions of “things” and “places” in a global digital communications medium. In a very tangible sense, URLs are the true names of the web. Even as deep linking continues to integrate apps and the web, and virtual reality interfaces like Oculus Rift (which is backed by Facebook) promise a uniquely immersive internet user experience, URLs themselves are unlikely to ever be completely abstracted away. After all, even Mac and Windows users still have to name the icons that represent their files and directories.
“Are you going to care what the URL looks like? Of course not,” Bell says. “You’re just going to care that your apps and websites talk to each other. The URL is here to stay.”