Skip to content

How to Read a URL

My Pittsburgh Post-Gazette this morning reminded me that Congress is encouraging the IRS and the FTC to deal with,, and — websites that offer tax-related information but that may confuse consumers into thinking that they are reading the real and official Internal Revenue Service website, which is located at  The problem here reminds me, again, of some important socio-cultural problems when it comes to consumer protection and the Internet.  Why don’t people learn?  More after the break.Conventional wisdom has it that we’ve been using the popular version of the World Wide Web for more than a decade, so we all have figured it out.  Anyone who hasn’t figured it out even runs the risk of being put in jail, at least if they’re in the wrong place at the wrong time.  The fact that the convention wisdom may well be wrong in the IRS case (and wrong still, as anyone who visited will remember) raises an important question:  Why haven’t people learned this stuff already?

What’s going wrong in the IRS situation?  First, people encountering (for example) don’t necessarily check to associate the content of the site (tax information) with a URL (a .com top level domain).  I know how to do that; I know that agencies of the the United States government usually put up websites that use a .gov top level domain, so is immediately suspicious to me, even before I look at the content of the site.  Related to this, I know when I look at a website that I can correlate the site’s contents with the URL in the address bar, as well as with the text at the top of the window, which renders the Title tag.  If those things don’t synch properly, something is amiss.  Second, people who check the URL don’t necessarily know how to parse its contents.  I know the differences between .gov and .com and .mil and .edu, for example.  In a more difficult to decode and more damaging context — phishing — I know both how to check the URL of links that appear in email in my In Box and I know (usually) how to decode enough of the URL to decide whether or not the mail is legitimate.  But an awful lot of people have no idea how to “read” a URL — literally, in this sense, as well as figuratively, by correlating it with the site.

Why not?  Consumer protection and trademark law have both made a lot of progress over the last decade.  Consumer education campaigns must have had some effect.  The number of people moving online and getting familiar with browsing and email is obviously enormous.

The one area that hasn’t changed much, over the last 10 years, is the basic browser GUI itself.  The major browsers share a basic template:  big window for the content; buttons above and/or below for navigation; small address bar above and/or below that displays the URL and to provide text-based navigation.  But nothing explicitly connects the URL to the site content; nothing explicitly decodes the URL.  Similar problems exist, of course, for email clients.  Is there an interface modification to be had that would address the cognitive disconnect exposed by the and phishing problems?

4 thoughts on “How to Read a URL”

  1. This is why so many people now enter “IRS” into a search box as opposed to putting IRS.[TLD] into a browser–they trust the search engine will get them to the right result better than they trust their memory of/guesses about domain names. So I think technology (such as search toolbars) is already taking care of it. Eric.

  2. Search helps, but “” is the third result when I put IRS into Google. If Google returned only one result, and that result was, then the problem would be solved — but others would ensue.

    Search can’t help when you map the cognitive disconnect to phishing.

  3. Search engines solve it somewhat, but if the state were really concerned about this, it could purchase/condemn domains where this is likely to occur and do redirects. See, e.g., NIH.COM

    For fun, see
    “…own the coolest address around! Check your secure CIA email from anywhere in the world. Absolutely FREE!”

    As you’ve observed, technologies makes demands on citizens, and while these demands track majority capabilities, they don’t always operate to protect the interests of (Luddite) minorities. See the Amish. Just as importantly — consider those at least partially incapable of using the new technologies on the same playing field, e.g.

  4. Note that a government agency (the postal service) compounds matters by redirecting to It would be less egregious if the redirect went the other way around, but I guess they hope to (somehow) avoid the taint of being a government agency.

Comments are closed.