[technology taskforce] Google Developers : Humans can't read URLs. How can we fix it? - HTTP 203

Johan Helsingius julf at julf.com
Fri Feb 7 19:59:32 UTC 2020


The fact is that people click on links and do searches, they don't type
in domain addresses.

Anyway, how do you know "mybankinfo.com" is a safe site in the first
place? And if someone can steal credentials or place malware, looking at
the URL won't help.

	Julf

On 07-02-2020 20:52, Dev Anand Teelucksingh wrote:
> A large problem is when bad persons obscure the domains of companies in
> phishing campaigns so that persons go to the bad persons' website on
> another domain and steal their credentials or get malware installed.
> 
> So say you get an email link from a trusted person whose been hacked
> saying - "hey we're not sure your paycheck was delivered to mybankinfo.
> Can you login to mybankinfo.com.paymentlogin.info
> <http://mybankinfo.com.paymentlogin.info> and check?
> The challenge is that persons may just see "mybankinfo.com
> <http://mybankinfo.com>" and assume they are going to the mybankinfo.com
> <http://mybankinfo.com> site.
> And because they clicked on the link, how would the browser "know" what
> the site you really intended to go to?
> 
> Dev Anand
> 
> On Fri, Feb 7, 2020 at 3:04 PM Johan Helsingius <julf at julf.com
> <mailto:julf at julf.com>> wrote:
> 
>     On 07-02-2020 19:49, Dev Anand Teelucksingh wrote:
>     > Hmm....How would persons know what is the website they are viewing on
>     > without the URL?
> 
>     How many users check out the website info in URLs anyway? How will they
>     know that Mybankinfo.com is OK, but mybank.info <http://mybank.info>
>     isn't?
> 
>     Shouldn't it be the job of the browser to check if the web site is the
>     one you want to talk to (based on certificates)?
> 
>             Julf
> 
>     _______________________________________________
>     ttf mailing list
>     ttf at atlarge-lists.icann.org <mailto:ttf at atlarge-lists.icann.org>
>     https://mm.icann.org/mailman/listinfo/ttf
> 
>     _______________________________________________
>     By submitting your personal data, you consent to the processing of
>     your personal data for purposes of subscribing to this mailing list
>     accordance with the ICANN Privacy Policy
>     (https://www.icann.org/privacy/policy) and the website Terms of
>     Service (https://www.icann.org/privacy/tos). You can visit the
>     Mailman link above to change your membership status or
>     configuration, including unsubscribing, setting digest-style
>     delivery or disabling delivery altogether (e.g., for a vacation),
>     and so on.
> 
> 
> _______________________________________________
> ttf mailing list
> ttf at atlarge-lists.icann.org
> https://mm.icann.org/mailman/listinfo/ttf
> 
> _______________________________________________
> By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.
> 



More information about the ttf mailing list