- From: KUROSAKA Teruhiko <kuro@bhlab.com>
- Date: Mon, 14 Feb 2005 23:07:56 -0800
- To: Frank Yung-Fong Tang <ytang0648@aol.com>
- CC: Unicode Mailing List <unicode@unicode.org>, www-international@w3.org, Martin Duerst <duerst@w3.org>
Hello everybody (although I don't think my posting would
go through to Unicode mailing list),
I don't see this a Unicode problem or IDN problem,
because the same problem existed before IDN. Using
a certain font, "1" (one) and "l" (el) look almost same,
and "0" (zero) and "O" (capital oh) look similar.
If I don't see them very closely, I wouldn't be able to
tell goog1e.com isn't google.com. (Can you?)
Sure allowing any Unicode characters raised the issue
to the new level, but I wouldn't blame Unicode or IDN
for that. I'd blame the bad guys who try to cheat
innocent users!
I would take this issue just like any other security
issues. Find out what the bad guys doing and build
a way to defend users from the bad guys.
Coloring the scripts seem to be a good first step.
Since "Mam and Dad" may not understand what they mean,
the browser should also have a heuristic/statistical
engine that detects suspicious URLs, perhaps consisting of
only ASCII looking characters of other scripts, and
warn the user before it realy access them.
--
KUROSAKA ("Kuro") Teruhiko, San Francisco, California, USA
Internationalization Consultant
http://www.bhlab.com/
Received on Tuesday, 15 February 2005 07:08:08 UTC