<<< Date Index >>>     <<< Thread Index >>>

Re: [alac] Mozilla to switch off IDNs and IRIs.



At 04:08 PM 2/15/2005 +0100, Vittorio Bertola wrote:
On Mar, 15 Febbraio 2005 13:44, Thomas Roessler disse:
>> Or to modify the recommendations on how IDNs are displayed, so
>> all applications clearly noted that they were showing an IDN.
>> Then, if you weren't expecting an IDN (e.g., when you thought you
>> were looking at paypal.com and saw [IDN=RU]paypal.com), you'd
>> know something was fishy.
>
> I have some doubts about users actually realizing these things -- if
> you just count the warning messages from a browser, then almost all
> for-pay wireless hotspots out there look fishy.  Still, they make
> money.

In Italy, my local telecom provider has just been acquired by a previously
unknown company, whose only business was selling premium telephone numbers
to be then used by spyware/adware to force your modem to dial them up, and
you to pay hundreds of euros in unwanted telephone bills each month
(because you didn't read the notices that your browser was popping up, did
you?). They were making revenues of many million euros per month.

Bottom line: don't rely purely on user education, it won't work for the
masses, not until many years from now.

Yes, but encouraging use of an interface that makes it easier to educate users is key. One suggestion, via boingboing <http://www.boingboing.net/2005/02/14/idn_domain_spoofing_.html>, indicate when names have multiple scripts, so users can note whether that jibes with their expectations. <http://lookit.proper.com/archives/000302.html#000302>

This IDN spoof is just the next iteration of "paypa1.com" and "paypaI.com" . We didn't insist that registrars block all registrations with L, 1, and I, but we do punish those who use misleadingly similar domain names to commit fraud (and law enforcement goes after the places the fraudsters try to put the money or use the fraudulently obtained credit cards, not the information they didn't put into WHOIS).

> Which conference? ;-)
CodeCon

--Wendy

--
Wendy Seltzer -- wendy@xxxxxxxxxxx
Electronic Frontier Foundation
Berkman Center for Internet & Society at Harvard Law School
http://cyber.law.harvard.edu/seltzer.html
Chilling Effects: http://www.chillingeffects.org/