Another point I missed - one could try verify the owner of the url from the Whois if they were aware of Whois in the first place. But it seems likely that the replacement to Whois data underway with the EPDP discussions (triggered by the GDPR) will create barriers to see who owns a domain. Dev Anand On Sat, 8 Feb 2020 at 7:33 AM, Dev Anand Teelucksingh <devtee@gmail.com> wrote:
Well most persons would - click on links, - see visually the site looks like the site they are used to, - may see a padlock so they think it’s safe ; - may see from the url bar if the domain is the one they are accustomed to ; - see the name of the company/service they are going to as part of the long URL and assume it’s legit.
- consider how long URLs to documents or files are delivered https://community.icann.org/display/atlarge/2020-01-27+At-Large+Technology+T...
A bad person could create a link like
https://community.icann.org.can.work/display/atlarge/2020-01-27+At-Large+Tec...
and I dare say most would find it hard to figure out whether it’s legit or not. And if the link to the file is a malware file that opens and executed on clicking, then it’s too late.
Dev Anand
On Fri, 7 Feb 2020 at 3:59 PM, Johan Helsingius <julf@julf.com> wrote:
The fact is that people click on links and do searches, they don't type in domain addresses.
Anyway, how do you know "mybankinfo.com" is a safe site in the first place? And if someone can steal credentials or place malware, looking at the URL won't help.
Julf
On 07-02-2020 20:52, Dev Anand Teelucksingh wrote:
A large problem is when bad persons obscure the domains of companies in phishing campaigns so that persons go to the bad persons' website on another domain and steal their credentials or get malware installed.
So say you get an email link from a trusted person whose been hacked saying - "hey we're not sure your paycheck was delivered to mybankinfo. Can you login to mybankinfo.com.paymentlogin.info <http://mybankinfo.com.paymentlogin.info> and check? The challenge is that persons may just see "mybankinfo.com <http://mybankinfo.com>" and assume they are going to the mybankinfo.com <http://mybankinfo.com> site. And because they clicked on the link, how would the browser "know" what the site you really intended to go to?
Dev Anand
On Fri, Feb 7, 2020 at 3:04 PM Johan Helsingius <julf@julf.com <mailto:julf@julf.com>> wrote:
On 07-02-2020 19:49, Dev Anand Teelucksingh wrote: > Hmm....How would persons know what is the website they are viewing on > without the URL?
How many users check out the website info in URLs anyway? How will they know that Mybankinfo.com is OK, but mybank.info <http://mybank.info
isn't?
Shouldn't it be the job of the browser to check if the web site is the one you want to talk to (based on certificates)?
Julf
_______________________________________________ ttf mailing list ttf@atlarge-lists.icann.org <mailto:ttf@atlarge-lists.icann.org> https://mm.icann.org/mailman/listinfo/ttf
_______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.
_______________________________________________ ttf mailing list ttf@atlarge-lists.icann.org https://mm.icann.org/mailman/listinfo/ttf
_______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.
_______________________________________________ ttf mailing list ttf@atlarge-lists.icann.org https://mm.icann.org/mailman/listinfo/ttf
_______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.