W3C home > Mailing lists > Public > www-international@w3.org > January to March 2005

Re: IDN problem.... :(

From: KUROSAKA Teruhiko <kuro@bhlab.com>
Date: Mon, 14 Feb 2005 23:07:56 -0800
Message-ID: <42119FCC.2040407@bhlab.com>
To: Frank Yung-Fong Tang <ytang0648@aol.com>
CC: Unicode Mailing List <unicode@unicode.org>, www-international@w3.org, Martin Duerst <duerst@w3.org>

Hello everybody (although I don't think my posting would
go through to Unicode mailing list),

I don't see this a Unicode problem or IDN problem,
because the same problem existed before IDN.  Using
a certain font, "1" (one) and "l" (el) look almost same,
and "0" (zero) and "O" (capital oh) look similar.
If I don't see them very closely, I wouldn't be able to
tell goog1e.com isn't google.com. (Can you?)

Sure allowing any Unicode characters raised the issue
to the new level, but I wouldn't blame Unicode or IDN
for that.  I'd blame the bad guys who try to cheat
innocent users!

I would take this issue just like any other security
issues.  Find out what the bad guys doing and build
a way to defend users from the bad guys.

Coloring the scripts seem to be a good first step.
Since "Mam and Dad" may not understand what they mean,
the browser should also have a heuristic/statistical
engine that detects suspicious URLs, perhaps consisting of
only ASCII looking characters of other scripts, and
warn the user before it realy access them.

-- 
KUROSAKA ("Kuro") Teruhiko, San Francisco, California, USA
Internationalization Consultant
http://www.bhlab.com/
Received on Tuesday, 15 February 2005 07:08:08 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 2 June 2009 19:17:04 GMT