[UA-discuss] SAC095 - SSAC Advisory on the Use of Emoji in Domain
Andrew Sullivan
ajs at anvilwalrusden.com
Wed May 31 17:00:35 UTC 2017
On Wed, May 31, 2017 at 04:49:20PM +0000, Andre Schappo wrote:
> User reassurance - knowing the exact address of the website they will visit if they click the link.
But given the semantics of markup languages, you _never_ get that
assurance. Indeed, training people to believe the running text as
opposed to the target of the link is giving them bad advice, because
this is how phishing works.
> User feedback - Users can visually verify that the address of the website they land on after clicking the link is indeed what was stated.
If they've already clicked through in a lot of phishing attacks,
that's too late.
> I consider spoofing/phishing is more easily achieved with links hiding behind text/images without going to the effort of employing and registering IDNs containing confusables.
>
> eg <a href="http://WeWillStealYourMoney.com">the honest and genuine bank<a>
>
Or, of course, <a
href="http://WeWillStealYourMoney.com">http://yoursafebankhere.com<a>.
I don't care how you prefer to do this -- it's a stylistic preference
-- but I don't believe it is or ought to be part of the UA goals.
> Also, one can use links in a similar manner to the way citations are used in academic papers
>
That very stilted style was precisely what hypertext theorists were
opposed to in the first place, though.
Best regards,
A
--
Andrew Sullivan
ajs at anvilwalrusden.com
More information about the UA-discuss
mailing list