[technology taskforce] Google Developers : Humans can't read URLs. How can we fix it? - HTTP 203

Alfredo Calderon-Serrano acalderon1 at icloud.com
Sat Feb 8 11:42:53 UTC 2020 

So now we are in the DNS Abuse terrain. @Judith, it is a question of education and having ways to immediately report the situation and seek remediation.

The problem is that once the user 'Clicks' on the link, damage has been done!

Alfredo Calderón

Sent from my iPad

> On Feb 8, 2020, at 7:34 AM, Dev Anand Teelucksingh <devtee at gmail.com> wrote:
> 
> 
> Well most persons would 
> - click on links, 
> - see visually the site looks like the site they are used to, 
> - may see a padlock so they think it’s safe ;  - may see from the url bar if the domain is the one they are accustomed to ;
> - see the name of the company/service they are going to as part of the long URL and assume it’s legit.
> 
> - consider how long URLs  to documents or files are delivered https://community.icann.org/display/atlarge/2020-01-27+At-Large+Technology+Task+Force+Call?preview=/126420432/126422910/atlarge-technology-taskforce-27jan20-en.pdf
> 
> A bad person could create a link like
> https://community.icann.org.can.work/display/atlarge/2020-01-27+At-Large+Technology+Task+Force+Call?preview=/126420432/126422910/atlarge-technology-taskforce-27jan20-en.pdf
> 
> and I dare say most would find it hard to figure out whether it’s legit or not. And if the link to the file is a malware file that opens and executed on clicking, then it’s too late.
> 
> Dev Anand 
> 
> On Fri, 7 Feb 2020 at 3:59 PM, Johan Helsingius <julf at julf.com> wrote:
>> The fact is that people click on links and do searches, they don't type
>> in domain addresses.
>> 
>> Anyway, how do you know "mybankinfo.com" is a safe site in the first
>> place? And if someone can steal credentials or place malware, looking at
>> the URL won't help.
>> 
>>         Julf
>> 
>> On 07-02-2020 20:52, Dev Anand Teelucksingh wrote:
>> > A large problem is when bad persons obscure the domains of companies in
>> > phishing campaigns so that persons go to the bad persons' website on
>> > another domain and steal their credentials or get malware installed.
>> > 
>> > So say you get an email link from a trusted person whose been hacked
>> > saying - "hey we're not sure your paycheck was delivered to mybankinfo.
>> > Can you login to mybankinfo.com.paymentlogin.info
>> > <http://mybankinfo.com.paymentlogin.info> and check?
>> > The challenge is that persons may just see "mybankinfo.com
>> > <http://mybankinfo.com>" and assume they are going to the mybankinfo.com
>> > <http://mybankinfo.com> site.
>> > And because they clicked on the link, how would the browser "know" what
>> > the site you really intended to go to?
>> > 
>> > Dev Anand
>> > 
>> > On Fri, Feb 7, 2020 at 3:04 PM Johan Helsingius <julf at julf.com
>> > <mailto:julf at julf.com>> wrote:
>> > 
>> >     On 07-02-2020 19:49, Dev Anand Teelucksingh wrote:
>> >     > Hmm....How would persons know what is the website they are viewing on
>> >     > without the URL?
>> > 
>> >     How many users check out the website info in URLs anyway? How will they
>> >     know that Mybankinfo.com is OK, but mybank.info <http://mybank.info>
>> >     isn't?
>> > 
>> >     Shouldn't it be the job of the browser to check if the web site is the
>> >     one you want to talk to (based on certificates)?
>> > 
>> >             Julf
>> > 
>> >     _______________________________________________
>> >     ttf mailing list
>> >     ttf at atlarge-lists.icann.org <mailto:ttf at atlarge-lists.icann.org>
>> >     https://mm.icann.org/mailman/listinfo/ttf
>> > 
>> >     _______________________________________________
>> >     By submitting your personal data, you consent to the processing of
>> >     your personal data for purposes of subscribing to this mailing list
>> >     accordance with the ICANN Privacy Policy
>> >     (https://www.icann.org/privacy/policy) and the website Terms of
>> >     Service (https://www.icann.org/privacy/tos). You can visit the
>> >     Mailman link above to change your membership status or
>> >     configuration, including unsubscribing, setting digest-style
>> >     delivery or disabling delivery altogether (e.g., for a vacation),
>> >     and so on.
>> > 
>> > 
>> > _______________________________________________
>> > ttf mailing list
>> > ttf at atlarge-lists.icann.org
>> > https://mm.icann.org/mailman/listinfo/ttf
>> > 
>> > _______________________________________________
>> > By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.
>> > 
>> 
>> _______________________________________________
>> ttf mailing list
>> ttf at atlarge-lists.icann.org
>> https://mm.icann.org/mailman/listinfo/ttf
>> 
>> _______________________________________________
>> By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.
> _______________________________________________
> ttf mailing list
> ttf at atlarge-lists.icann.org
> https://mm.icann.org/mailman/listinfo/ttf
> 
> _______________________________________________
> By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/ttf/attachments/20200208/dbafcc17/attachment.html>

More information about the ttf mailing list