Hello David, Were pairs like 1 and l , 0 and o in latin script analyzed? (it might give better perception of what it going on and if the confusion is limited to IDNs or is it a general issue) Sincerely Yours, Maxim Alzoba Special projects manager, International Relations Department, FAITID m. +7 916 6761580(+whatsapp) skype oldfrogger Current UTC offset: -5.00 (Panama)

On 27 Jun 2018, at 10:56, David Conrad <david.conrad@icann.org> wrote:

I suspect that might be triggered by:

https://info.farsightsecurity.com/farsight-idn-research-report?utm_source=ne... <https://info.farsightsecurity.com/farsight-idn-research-report?utm_source=ne...>

From the executive summary:

Among the key findings:

100M total IDN resolutions observed; 27M unique fully qualified domain names (FQDNs)

8,000 IDN homographs representing or containing a top global brand name

Unicode “confusables” make up a significant percentage of the characters found in IDNs; 91% of all characters observed in IDN homographs are considered “confusable” -- a “confusable” is a Unicode code point that is often easily confused with other characters, ligatures, and/or digraphs.

Brands in banking and other related sectors are frequently imitated using IDN homographs with ~750 unique FQDNs observed per month

91% of IDN homographs offered some sort of webpage

We found clear violations of the ICANN Guidelines for the Implementation of Internationalized Domain Names

66% of all IDN homograph IP addresses were found to be geolocated in the United States

93% of IDN homograph FQDNs had IPv4-based address records

Regards, -drc

...

On Jun 27, 2018, at 10:27 AM, Andrew Sullivan <ajs@anvilwalrusden.com <mailto:ajs@anvilwalrusden.com>> wrote:

I see, via Slashdot, that the BBC is once again promoting this problem:

https://it.slashdot.org/story/18/06/26/2031212/scammers-abuse-multilingual-d... <https://it.slashdot.org/story/18/06/26/2031212/scammers-abuse-multilingual-d...>

A -- Andrew Sullivan ajs@anvilwalrusden.com <mailto:ajs@anvilwalrusden.com>

Hi David, I meant to that it might be good to avoid misconception of "IDN only issue". (unfortunately I downloaded it and read) The Report itself does not have anything about latin script issues. P.s: they even failed to check which TLD are using Cyrillic Russian script (done easily via IANA script page https://www.iana.org/domains/idn-tables ) for example did not mentioned (and most probably did not review) .москва(.xn--80adxhks) with 15k domains, but mentioned .дети(xn--d1acj3b) with <1.5k P.P.s: reviews which see wiki as a creditable source of information are ... entertaining Sincerely Yours, Maxim Alzoba Special projects manager, International Relations Department, FAITID m. +7 916 6761580(+whatsapp) skype oldfrogger Current UTC offset: -5 (Panama)

On 27 Jun 2018, at 11:15, David Conrad <david.conrad@icann.org> wrote:

Hi Maxim,

You mean you want me to actually read the paper instead of just the executive summary? :)

(A bit buried right now during the ICANN meeting)

Regards, -drc

...

On Jun 27, 2018, at 11:02 AM, Maxim Alzoba <m.alzoba@gmail.com <mailto:m.alzoba@gmail.com>> wrote:

Hello David,

Were pairs like 1 and l , 0 and o in latin script analyzed? (it might give better perception of what it going on and if the confusion is limited to IDNs or is it a general issue)

Sincerely Yours,

Maxim Alzoba Special projects manager, International Relations Department, FAITID

m. +7 916 6761580(+whatsapp) skype oldfrogger

Current UTC offset: -5.00 (Panama)

...

On 27 Jun 2018, at 10:56, David Conrad <david.conrad@icann.org <mailto:david.conrad@icann.org>> wrote:

I suspect that might be triggered by:

https://info.farsightsecurity.com/farsight-idn-research-report?utm_source=ne... <https://info.farsightsecurity.com/farsight-idn-research-report?utm_source=ne...>

From the executive summary:

Among the key findings:

100M total IDN resolutions observed; 27M unique fully qualified domain names (FQDNs)

8,000 IDN homographs representing or containing a top global brand name

Unicode “confusables” make up a significant percentage of the characters found in IDNs; 91% of all characters observed in IDN homographs are considered “confusable” -- a “confusable” is a Unicode code point that is often easily confused with other characters, ligatures, and/or digraphs.

Brands in banking and other related sectors are frequently imitated using IDN homographs with ~750 unique FQDNs observed per month

91% of IDN homographs offered some sort of webpage

We found clear violations of the ICANN Guidelines for the Implementation of Internationalized Domain Names

66% of all IDN homograph IP addresses were found to be geolocated in the United States

93% of IDN homograph FQDNs had IPv4-based address records

Regards, -drc

...

On Jun 27, 2018, at 10:27 AM, Andrew Sullivan <ajs@anvilwalrusden.com <mailto:ajs@anvilwalrusden.com>> wrote:

I see, via Slashdot, that the BBC is once again promoting this problem:

https://it.slashdot.org/story/18/06/26/2031212/scammers-abuse-multilingual-d... <https://it.slashdot.org/story/18/06/26/2031212/scammers-abuse-multilingual-d...>

A -- Andrew Sullivan ajs@anvilwalrusden.com <mailto:ajs@anvilwalrusden.com>

I had this discussion many times. It is a sort of “general issue”, in the sense that it is a general fact of life. The wider the set, the more likely it is that two elements are “confusingly similar”. If you limit yourself to letter or numbers, the chances for confusion are very limited, or non-existent. However, if you join the two sets, you start having potential confusion. What irritates me is the use of this “potential confusion” as an excuse for not further widening the set joining different scripts. Colors are confusing. The world would be much simpler if we had only black and white. Daltonism would no longer be a problem! Sorry for the rant R On 27.06.2018, at 11:02, Maxim Alzoba <m.alzoba@gmail.com<mailto:m.alzoba@gmail.com>> wrote: Hello David, Were pairs like 1 and l , 0 and o in latin script analyzed? (it might give better perception of what it going on and if the confusion is limited to IDNs or is it a general issue) Sincerely Yours, Maxim Alzoba Special projects manager, International Relations Department, FAITID m. +7 916 6761580(+whatsapp) skype oldfrogger Current UTC offset: -5.00 (Panama) On 27 Jun 2018, at 10:56, David Conrad <david.conrad@icann.org<mailto:david.conrad@icann.org>> wrote: I suspect that might be triggered by: https://info.farsightsecurity.com/farsight-idn-research-report?utm_source=ne... From the executive summary: Among the key findings: 100M total IDN resolutions observed; 27M unique fully qualified domain names (FQDNs) 8,000 IDN homographs representing or containing a top global brand name Unicode “confusables” make up a significant percentage of the characters found in IDNs; 91% of all characters observed in IDN homographs are considered “confusable” -- a “confusable” is a Unicode code point that is often easily confused with other characters, ligatures, and/or digraphs. Brands in banking and other related sectors are frequently imitated using IDN homographs with ~750 unique FQDNs observed per month 91% of IDN homographs offered some sort of webpage We found clear violations of the ICANN Guidelines for the Implementation of Internationalized Domain Names 66% of all IDN homograph IP addresses were found to be geolocated in the United States 93% of IDN homograph FQDNs had IPv4-based address records Regards, -drc On Jun 27, 2018, at 10:27 AM, Andrew Sullivan <ajs@anvilwalrusden.com<mailto:ajs@anvilwalrusden.com>> wrote: I see, via Slashdot, that the BBC is once again promoting this problem: https://it.slashdot.org/story/18/06/26/2031212/scammers-abuse-multilingual-d... A -- Andrew Sullivan ajs@anvilwalrusden.com<mailto:ajs@anvilwalrusden.com>