[technology taskforce] Google Developers : Humans can't read URLs. How can we fix it? - HTTP 203
Dev Anand Teelucksingh
devtee at gmail.com
Sat Feb 8 11:33:45 UTC 2020
Well most persons would
- click on links,
- see visually the site looks like the site they are used to,
- may see a padlock so they think it’s safe;
- may see from the URL bar if the domain is the one they are accustomed to;
- see the name of the company/service they are going to as part of the long
URL and assume it’s legit.
- consider how long URLs to documents or files are delivered
https://community.icann.org/display/atlarge/2020-01-27+At-Large+Technology+Task+Force+Call?preview=/126420432/126422910/atlarge-technology-taskforce-27jan20-en.pdf
A bad person could create a link like
https://community.icann.org.can.work/display/atlarge/2020-01-27+At-Large+Technology+Task+Force+Call?preview=/126420432/126422910/atlarge-technology-taskforce-27jan20-en.pdf
and I dare say most would find it hard to figure out whether it’s legit or
not. And if the link to the file is a malware file that opens and executes
on clicking, then it’s too late.
Dev Anand
On Fri, 7 Feb 2020 at 3:59 PM, Johan Helsingius <julf at julf.com> wrote:
> The fact is that people click on links and do searches, they don't type
> in domain addresses.
>
> Anyway, how do you know "mybankinfo.com" is a safe site in the first
> place? And if someone can steal credentials or place malware, looking at
> the URL won't help.
>
> Julf
>
> On 07-02-2020 20:52, Dev Anand Teelucksingh wrote:
> > A large problem is when bad persons obscure the domains of companies in
> > phishing campaigns so that persons go to the bad persons' website on
> > another domain and steal their credentials or get malware installed.
> >
> > So say you get an email link from a trusted person who's been hacked
> > saying - "hey we're not sure your paycheck was delivered to mybankinfo.
> > Can you login to mybankinfo.com.paymentlogin.info and check?"
> > The challenge is that persons may just see "mybankinfo.com" and assume
> > they are going to the mybankinfo.com site.
> > And because they clicked on the link, how would the browser "know" what
> > site you really intended to go to?
> >
> > Dev Anand
> >
> > On Fri, Feb 7, 2020 at 3:04 PM Johan Helsingius <julf at julf.com> wrote:
> >
> > On 07-02-2020 19:49, Dev Anand Teelucksingh wrote:
> > > Hmm....How would persons know what is the website they are viewing on
> > > without the URL?
> >
> > How many users check out the website info in URLs anyway? How will they
> > know that Mybankinfo.com is OK, but mybank.info isn't?
> >
> > Shouldn't it be the job of the browser to check if the web site is the
> > one you want to talk to (based on certificates)?
> >
> > Julf
> >
> > _______________________________________________
> > ttf mailing list
> > ttf at atlarge-lists.icann.org <mailto:ttf at atlarge-lists.icann.org>
> > https://mm.icann.org/mailman/listinfo/ttf
> >
> > _______________________________________________
> > By submitting your personal data, you consent to the processing of
> > your personal data for purposes of subscribing to this mailing list
> > accordance with the ICANN Privacy Policy
> > (https://www.icann.org/privacy/policy) and the website Terms of
> > Service (https://www.icann.org/privacy/tos). You can visit the
> > Mailman link above to change your membership status or
> > configuration, including unsubscribing, setting digest-style
> > delivery or disabling delivery altogether (e.g., for a vacation),
> > and so on.
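Added example, not part of the original thread: a link check for the trick discussed above, which reduces each URL to its registrable domain and flags hosts where a trusted name appears only among the leading labels. The suffix set and the trusted list are small constructed stand-ins for the full Public Suffix List and a real allow-list, and the function names are hypothetical.

```python
from urllib.parse import urlsplit

# Constructed, deliberately tiny stand-in for the Public Suffix List (assumption).
PUBLIC_SUFFIXES = {"com", "org", "info", "work", "co.uk"}
# Hypothetical allow-list of registrable domains the recipient really uses.
TRUSTED = {"icann.org", "mybankinfo.com"}


def registrable_domain(host):
    """Return the public suffix plus the one label to its left, else None."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):  # longest candidate suffix first
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[i - 1:]) if i > 0 else None
    return None


def classify(url):
    """Return (verdict, registrable_domain, imitated_trusted_name)."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    reg = registrable_domain(host)
    if reg in TRUSTED:
        return ("trusted", reg, None)
    # Everything left of the registrable domain is chosen by whoever owns it,
    # so a trusted name appearing there proves nothing about the destination.
    prefix = host[: len(host) - len(reg)].rstrip(".") if reg else host
    for name in sorted(TRUSTED):
        if f".{name}." in f".{prefix}.":
            return ("lookalike", reg, name)
    return ("unknown", reg, None)


# Hostnames are the ones quoted in the thread; paths are shortened (constructed).
SAMPLES = [
    "https://community.icann.org/display/atlarge/call.pdf",
    "https://community.icann.org.can.work/display/atlarge/call.pdf",
    "http://mybankinfo.com.paymentlogin.info",
    "http://Mybankinfo.com",
    "http://mybank.info",
]

if __name__ == "__main__":
    for u in SAMPLES:
        print(classify(u), u)
```

The last sample comes back as "unknown" rather than "lookalike": a different but similar-looking registrable domain needs a separate similarity check, which this block does not attempt.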