BrianKrebs

How about this? Lawmakers pass a law (gasp!) that says if you're a private company providing services to the entire populace on behalf of .gov, your site will use com/net/org only when it is interacting with the government. Full stop.

Probably even the extreme wingnuts in the GOP could get behind this, in a kind of "buy American" way.

24 comments
Marcus Hutchins :verified:

@briankrebs US Congress passing laws that universally benefit society? Get outta here with this communist propaganda

aqunt

@briankrebs related angry old man yelling at clouds: why does every government web site ask if they can add marketing cookies or do I just want the ones necessary for this site?

Theodore Painsworth

@aqunt @briankrebs

Why? Because laws were passed that made them.

They wouldn't without the laws.

Round and round we'll go..

aqunt

@itty53 @briankrebs How about just using cookies needed for the site to work? Not trying to sell our data to private companies while providing government services?

Zimmie

@itty53 @aqunt @briankrebs The question is why a government site is trying to set marketing cookies, though.

Max Burke 🇺🇦

@briankrebs What about appropriate country TLDs? (ie, .us for companies providing services to US government + people)

BrianKrebs

@max No way in hell I would encourage the further use of .us until someone in charge at the GSA or whatever started giving a damn about how the tld is completely overrun with abuse, phishing and spam domains -- in near total contravention to the tld's charter, I might add.

krebsonsecurity.com/2023/09/wh

Allan Chow

@briankrebs name one representative that you're confident you'd be able to pitch this to

Allan Chow

@briankrebs yeah. A representative. But then again how many bills are drafted by lobbyists and just signed by representatives

Allan Chow

@briankrebs oh man don't put effort into this that would make me feel bad

royal

@briankrebs I like this, but there might need to be some kind of domain registration price regulation included too.

GMcGath

@briankrebs If the company is operating out of a Balkan nation, does making it use a .com domain make it any safer?

Fritz Adalis

@briankrebs
No, make them use .gov for their gov operations. Or something restricted like edu.

The Psychotic Network Ferret

@FritzAdalis @briankrebs ID.me can eat a dick, they refuse to verify my identity. Trying to lock down my ID with the IRS because of my PMI being all over the dark web, and I just can't. They refuse to work with me, it fucking sucks.

Lindworm

@briankrebs So you basically say, governments may not use an external mail/mail tracking service like mailchimp, postmark (what this is) and so on. Not that I am on the other side, but how should a normal user (the stuff at that government) know what's going on behind the scenes? They just use the typical plugin.

Timothy Jasionowski

@briankrebs Alternative idea… a federal CA. All government and proxy sites must use it.

Timothy Jasionowski

@briankrebs Rather than a lock icon for these certs for https in the browser, instead have a lock with… just spitballing here… an Eagle shooting off fireworks while gripping a beer can. Or a flag. Your choice.

the_afflicted11

@briankrebs It really should. This is how most scams in third world countries start. 'SMSes like Click on this link to pay your tax/insurance, and the link is of some xyz@shop xyz@corner xyz@taxoffice site.'

Make it a law sooooon, Like before some foreign lobby gets to the GOP wingnuts.

John Kristoff

@briankrebs I assume you're half-joking.

But in case not, this will never happen. While those three registry operations are all US-controlled companies, two of which being Verisign, there are numerous registrars for those TLDs located all over the world. Do you also stipulate US-only registrars too? Which ones if so?

Then what about all the other TLDs that are effectively in US control? Any of those OK? Why or why not?

How does this square with all the other goods that may not be entirely US-sourced? Placing a name under a certain TLD has potential consequences, and some are potentially problematic, but it may be a lot more complicated than that.

dango🍡:02lurk:

@briankrebs I can see it now, generic system services company has to buy .us, .ie, .uk, .es, .ca, .de, .fr, etc, and use the correct domain for each country. (.com is also banned in the EU for being under US control)

Oggie

@briankrebs
The nontrivial factor which I know you're aware of but should really be mentioned, is link rot.

Sure, it's not a problem....right now. But in 5 years, if that company goes under and another one moves in, even with 3 years time warning ahead, some random person finds an old document via a search engine that talks about this URL. If it's a .gov address, no prob, 301. But what if it's a domain you just...don't control anymore?
