|
Top-level
@xpil internationalized domain names (aka. IDNs) are a hugely difficult subject. On the one hand, yes they enable these kinds of attacks. On the other hand, speakers of languages using alphabets different than plain ASCII should have the technical ability to use their alphabets and scripts online in full capacity. There is no good, clear solution, still. Using punycode solves the security angle, but dramatically reduces usability for anyone using non-ASCII script. I.e. most of the world. 6 comments
@silmathoron @xpil it also reduces the usability and visibility of IDN websites to users with an "interface that uses roman alphabet". Why *should* https://žvižgač.si be only shown as https://xn--viga-jua78dc.si/ to them? This effectively makes them less likely to click. In other words, it *punishes* websites for using IDN domains. Not to mention, what does it even mean a "language interface that uses roman alphabet"? It's UTF/unicode mostly anyway. And consider English words like "naïve". @silmathoron @xpil not to mention, it's basically saying "let's protect the English speakers from such scams; we simply can't be bothered to care that these scams also affect speakers of other languages and uses of non-ASCII scripts". Which is... very meh.   @dredmorbius @rysiek @silmathoron @xpil I'm saying not allowing people to use services in their own language and writing method is wrong. |
Gregory's Server
@rysiek @xpil fair enough, but they could make it default to true if the language interface uses roman alphabet, for instance... I'd think that this highly reduces both the security issue and the amount of people that would be annoyed