Comment on Thoughts on Cloudflare
sem@lemmy.blahaj.zone 4 days agoLet’s say that I go to google.com. The UI shows
https://google.com/ . No punycode because it is plain ascii. Everything is as expected.
Now let’s say I click on a link for googӏe.com. The ui shows `googӏe.com (googӏe.com) I’d be like, holy shit that is a shady URL!
That’s how I imagine it helping, although I am not a UI expert. There could be a better way. But that googӏe.com scares me – I can’t visually tell that it is not a normal lowercase “l”.
darklamer@lemmy.dbzer0.com 4 days ago
But how would an average user know that xn–googe-hof.com isn’t the right one?
sem@lemmy.blahaj.zone 3 days ago
Because it does not match google.com
darklamer@lemmy.dbzer0.com 3 days ago
But that line of reasoning presupposes both that the right name is in ASCII and that the user knows this. As soon as either one of those isn’t true, showing the Punycode no longer is of any help in determining which one is the right one.
sem@lemmy.blahaj.zone 3 days ago
For most security - centric websites, the right name is ASCII only.
For any that aren’t, people would have the opportunity to become familiar with the correct fingerprint over time and have a chance to notice a difference.
I’m curious to hear if you think there is a better way. What I’m saying is unlikely to ever be implemented in a browser and I’m not trying to convince you or anything, just say why I personally would appreciate it.