W3C home > Mailing lists > Public > www-international@w3.org > January to March 2005

Re: IDN problem.... :(

From: KUROSAKA Teruhiko <kuro@bhlab.com>
Date: Mon, 14 Feb 2005 23:07:56 -0800
Message-ID: <42119FCC.2040407@bhlab.com>
To: Frank Yung-Fong Tang <ytang0648@aol.com>
CC: Unicode Mailing List <unicode@unicode.org>, www-international@w3.org, Martin Duerst <duerst@w3.org>

Hello everybody (although I don't think my posting would
go through to Unicode mailing list),

I don't see this a Unicode problem or IDN problem,
because the same problem existed before IDN.  Using
a certain font, "1" (one) and "l" (el) look almost same,
and "0" (zero) and "O" (capital oh) look similar.
If I don't see them very closely, I wouldn't be able to
tell goog1e.com isn't google.com. (Can you?)

Sure allowing any Unicode characters raised the issue
to the new level, but I wouldn't blame Unicode or IDN
for that.  I'd blame the bad guys who try to cheat
innocent users!

I would take this issue just like any other security
issues.  Find out what the bad guys doing and build
a way to defend users from the bad guys.

Coloring the scripts seem to be a good first step.
Since "Mam and Dad" may not understand what they mean,
the browser should also have a heuristic/statistical
engine that detects suspicious URLs, perhaps consisting of
only ASCII looking characters of other scripts, and
warn the user before it realy access them.

KUROSAKA ("Kuro") Teruhiko, San Francisco, California, USA
Internationalization Consultant
Received on Tuesday, 15 February 2005 07:08:08 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 21 September 2016 22:37:24 UTC