Re: [alac] Mozilla to switch off IDNs and IRIs.
At 04:08 PM 2/15/2005 +0100, Vittorio Bertola wrote: On Mar, 15 Febbraio 2005 13:44, Thomas Roessler disse: >> Or to modify the recommendations on how IDNs are displayed, so >> all applications clearly noted that they were showing an IDN. >> Then, if you weren't expecting an IDN (e.g., when you thought you >> were looking at paypal.com and saw [IDN=RU]paypal.com), you'd >> know something was fishy. > > I have some doubts about users actually realizing these things -- if > you just count the warning messages from a browser, then almost all > for-pay wireless hotspots out there look fishy. Still, they make > money. Yes, but encouraging use of an interface that makes it easier to educate users is key. One suggestion, via boingboing <http://www.boingboing.net/2005/02/14/idn_domain_spoofing_.html>, indicate when names have multiple scripts, so users can note whether that jibes with their expectations. <http://lookit.proper.com/archives/000302.html#000302> This IDN spoof is just the next iteration of "paypa1.com" and "paypaI.com" . We didn't insist that registrars block all registrations with L, 1, and I, but we do punish those who use misleadingly similar domain names to commit fraud (and law enforcement goes after the places the fraudsters try to put the money or use the fraudulently obtained credit cards, not the information they didn't put into WHOIS). > Which conference? ;-) CodeCon --Wendy -- Wendy Seltzer -- wendy@xxxxxxxxxxx Electronic Frontier Foundation Berkman Center for Internet & Society at Harvard Law School http://cyber.law.harvard.edu/seltzer.html Chilling Effects: http://www.chillingeffects.org/
|