Oh that’s a good point. I have only ever encountered these on Lemmy or similar places where you are clearly clicking a link that starts with “xn——————“ and then seeing how it ties together on my phone’s browser.
Maybe we shouldn’t be using these. I did find myself looking at domains with emojis in them, weirdly enough for someone who doesn’t use or really like them. But the fact that this extends to basically any Unicode character is an absolute security black hole.
Unless the standard is extended to have more guardrails/to make it impossible to resolve domains with the most egregious fake characters. Or better, to make characters interchangeable the same way domains aren’t case-sensitive.
The learning curve for understanding the actual web and its protocols looks more and more insurmountable to me every day lol
Oh that’s a good point. I have only ever encountered these on Lemmy or similar places where you are clearly clicking a link that starts with “xn——————“ and then seeing how it ties together on my phone’s browser.
Maybe we shouldn’t be using these. I did find myself looking at domains with emojis in them, weirdly enough for someone who doesn’t use or really like them. But the fact that this extends to basically any Unicode character is an absolute security black hole.
Unless the standard is extended to have more guardrails/to make it impossible to resolve domains with the most egregious fake characters. Or better, to make characters interchangeable the same way domains aren’t case-sensitive.
The learning curve for understanding the actual web and its protocols looks more and more insurmountable to me every day lol