[technology taskforce] Google Developers : Humans can't read URLs. How can we fix it? - HTTP 203

Dev Anand Teelucksingh devtee at gmail.com
Sat Feb 8 11:33:45 UTC 2020


Well most persons would
- click on links,
- see visually the site looks like the site they are used to,
- may see a padlock so they think it’s safe;
- may see from the URL bar if the domain is the one they are accustomed to;
- see the name of the company/service they are going to as part of the long
URL and assume it’s legit.

- consider how long URLs to documents or files are delivered
https://community.icann.org/display/atlarge/2020-01-27+At-Large+Technology+Task+Force+Call?preview=/126420432/126422910/atlarge-technology-taskforce-27jan20-en.pdf

A bad person could create a link like
https://community.icann.org.can.work/display/atlarge/2020-01-27+At-Large+Technology+Task+Force+Call?preview=/126420432/126422910/atlarge-technology-taskforce-27jan20-en.pdf

and I dare say most would find it hard to figure out whether it’s legit or
not. And if the link to the file is a malware file that opens and executes
on clicking, then it’s too late.

Dev Anand

On Fri, 7 Feb 2020 at 3:59 PM, Johan Helsingius <julf at julf.com> wrote:

> The fact is that people click on links and do searches, they don't type
> in domain addresses.
>
> Anyway, how do you know "mybankinfo.com" is a safe site in the first
> place? And if someone can steal credentials or place malware, looking at
> the URL won't help.
>
>         Julf
>
> On 07-02-2020 20:52, Dev Anand Teelucksingh wrote:
> > A large problem is when bad persons obscure the domains of companies in
> > phishing campaigns so that persons go to the bad persons' website on
> > another domain and steal their credentials or get malware installed.
> >
> > So say you get an email link from a trusted person who's been hacked
> > saying - "hey we're not sure your paycheck was delivered to mybankinfo.
> > Can you login to mybankinfo.com.paymentlogin.info and check?"
> > The challenge is that persons may just see "mybankinfo.com" and assume
> > they are going to the mybankinfo.com site.
> > And because they clicked on the link, how would the browser "know" what
> > site you really intended to go to?
> >
> > Dev Anand
> >
> > On Fri, Feb 7, 2020 at 3:04 PM Johan Helsingius <julf at julf.com> wrote:
> >
> >     On 07-02-2020 19:49, Dev Anand Teelucksingh wrote:
> >     > Hmm....How would persons know what is the website they are viewing on
> >     > without the URL?
> >
> >     How many users check out the website info in URLs anyway? How will they
> >     know that Mybankinfo.com is OK, but mybank.info isn't?
> >
> >     Shouldn't it be the job of the browser to check if the web site is the
> >     one you want to talk to (based on certificates)?
> >
> >             Julf
> >
> >     _______________________________________________
> >     ttf mailing list
> >     ttf at atlarge-lists.icann.org <mailto:ttf at atlarge-lists.icann.org>
> >     https://mm.icann.org/mailman/listinfo/ttf
> >
> >     _______________________________________________
> >     By submitting your personal data, you consent to the processing of
> >     your personal data for purposes of subscribing to this mailing list
> >     accordance with the ICANN Privacy Policy
> >     (https://www.icann.org/privacy/policy) and the website Terms of
> >     Service (https://www.icann.org/privacy/tos). You can visit the
> >     Mailman link above to change your membership status or
> >     configuration, including unsubscribing, setting digest-style
> >     delivery or disabling delivery altogether (e.g., for a vacation),
> >     and so on.
> >
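Added example, not part of the original thread: a check a mail filter or link previewer could run to surface the domain that actually owns a link, using the hostnames quoted in the messages above (paths shortened). The `SUFFIXES` set is a small constructed stand-in for the Public Suffix List, and the function names are hypothetical.

```javascript
// SUFFIXES: constructed sample of public suffixes (assumption); real code
// should load the full Public Suffix List instead.
const SUFFIXES = new Set(["com", "org", "info", "work", "co.uk"]);

// Return the registrable domain (public suffix plus one label) of a hostname.
function registrableDomain(hostname) {
  const labels = hostname.toLowerCase().replace(/\.$/, "").split(".");
  // Try the longest candidate suffix first so "co.uk" beats "uk".
  for (let i = 0; i < labels.length - 1; i++) {
    if (SUFFIXES.has(labels.slice(i + 1).join("."))) {
      return labels.slice(i).join(".");
    }
  }
  return null; // suffix not in the sample list, or a bare suffix
}

// Classify a link against the domain the reader expects to reach.
function checkLink(link, trustedDomain) {
  let url;
  try {
    url = new URL(link);
  } catch {
    return { verdict: "invalid" };
  }
  const host = url.hostname;
  const actual = registrableDomain(host);
  if (actual === trustedDomain) return { verdict: "match", host, actual };
  // The trusted name shows up as labels on the left, but the labels on the
  // right decide who controls the site.
  const embedded = ("." + host + ".").includes("." + trustedDomain + ".");
  return {
    verdict: embedded ? "lookalike-subdomain" : "different-site",
    host,
    actual,
  };
}

// Hostnames taken from the thread; paths shortened for readability.
const samples = [
  ["https://community.icann.org/display/atlarge/", "icann.org"],
  ["https://community.icann.org.can.work/display/atlarge/", "icann.org"],
  ["http://mybankinfo.com.paymentlogin.info", "mybankinfo.com"],
];
for (const [link, trusted] of samples) {
  console.log(trusted, "->", JSON.stringify(checkLink(link, trusted)));
}
```

Displaying the `actual` value next to the link gives the reader the one part of the URL that identifies the site's owner.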