Re: IDN problem.... :(

From: Gregg Reynolds (
Date: Mon Feb 14 2005 - 03:56:28 CST

    Antoine Leca wrote:
    > On Friday, February 11th, 2005 15:52Z Gregg Reynolds wrote:
    >>Couldn't it be based on system (or browser) locale?
    > If my locale is
    > sa_ES.utf-8
    > how can you guess my script?

    Perhaps not; but if you take "locale" a little more informally to mean
    "some kind of information about the user's linguistic preferences" it
    seems reasonable. It's really a matter of browser design. One option
    is that when you install the browser it asks you the right questions so
    that it will then know how to do the right things linguistically.

    (Adding a note that I inadvertently sent from the wrong email account in
    response to a different correspondent: wrote:

    > I fear that all of these ideas for issuing warnings or marking the
    > dubious constructs in some browser status region are only going to
    > be of help to the small percentage of people who are savvy enough
    > to understand the problem. The vast majority of users disable/click
    > through a sea of warnings either through ignorance, a low security
    > stance or because some more technical person told them to ignore it.

    I'll wager that the vast majority of users in fact has a very high
    security stance - they're afraid to do financial transactions on the
    web. For those who aren't, the rule is simple and effective: just as
    you never give your confidential info over the phone unless you placed
    the call, you never give that info over the web unless you typed in the
    url. My dear old mum figured that out and I didn't even have to
    instruct her; it's just common sense. Problem solved.

    The whole issue is way beyond the scope of technology standards. It's
    no more a technology problem than telemarketing fraud is a problem with
    telephony standards and products.

    Personally I'm inclined to be against any restrictions at all on urls
    beyond those necessary for purely technical, not criminological,
    reasons. If I have a hard time typing in a URL (e.g. it uses dingbats
    or other oddball symbols from the Unicode roster), then I won't divulge
    any confidential info on that site. Legit operators will be aware of
    this, so they won't use such URLs. As the marketplace and the culture
    adapt to the use of the web, technology-specific "common wisdom" will
    evolve, which parents will teach their kids, just like "don't take candy
    from strangers." Urban legends illustrating all the risks of the web
    will make the rounds. Etc.

    There will always be a small percentage of people who fall for scams, no
    matter how much they've been warned or how obvious the fraud. It seems
    unbelievable, but some people really do fall for the Nigerian 4-1-9
    scams ( just as some people
    who receive cold-call sales pitches from conmen end up parted from their

    On the other hand, I guess phishing does seem to be a different category
    of fraud, since it doesn't rely on victim psychology. Victims of standard
    frauds like 4-1-9 are not entirely innocent; they are victims of their
    own greed. This is also true of those who fall for seemingly legit
    get-rich-quick telemarketing scams. You cannot protect such people from
    themselves. But URL fraud relies purely on deception, not on stoking
    the victim's greed. It's more like impersonating a police officer. But
    I'm still not entirely convinced it's something tech standards need to

    If url fraud begins to become a real problem (as opposed to an
    unfortunate but relatively minor social problem), first of all folk
    wisdom addressing the problem will spread rapidly, and second of all the
    market will address it - browser makers will seek advantage by coming up
    with innovative features to deal with it. Worst case scenario: the
    politicians and the news media decide there's advantage to be had in
    stirring up WebPanic about such fraud, so that they can be seen as
    Defenders of the Common Folk, and the next thing you know they start
    imposing gov't regulation.


    This archive was generated by hypermail 2.1.5 : Mon Feb 14 2005 - 03:56:50 CST