I am so tempted to submit a novel manuscript after running it through this. Just to torture one particular editor (who has done much to deserve it) ...
That Unicode is a nightmare is not news. This same sort of thing has been done with websites to mimic a real site (and hey, it even has a valid SSL/TLS cert, because despite looking identical, it's a different host name), though I don't know if it has been done other than as proof of concept.
Incidentally, this is one of the reasons that IDNs (International Domain Names) aren't being used that widely - because Network Solutions implemented them in a truly cack-handed manner. They let people register any kind of domain name that could be typed in Unicode and converted into a somewhat hacky format behind the scenes, and that was fine if you wanted ☃.com (☃.com) which was obviously a snowman. But they also let people potentially register e.g. аррlе.com. (The a, p and e in that domain are cyrillic characters that are visually indistinguishable from their latin equivalents.)
Because of that, many browser vendors decided to treat IDNs as insecure by default - because the most obvious use was as really, really good phishing sites - and nobody got to use accented characters in URLs. Thanks a bundle, Network Solutions.
![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
(no subject)
Date: 2015-10-26 11:05 pm (UTC)(no subject)
Date: 2015-10-27 09:47 am (UTC)(no subject)
Date: 2015-10-27 03:08 pm (UTC)(no subject)
Date: 2015-10-27 03:38 pm (UTC)(no subject)
Date: 2015-10-27 04:57 pm (UTC)(no subject)
Date: 2015-10-27 08:03 pm (UTC)(no subject)
Date: 2015-10-27 08:08 pm (UTC)Because of that, many browser vendors decided to treat IDNs as insecure by default - because the most obvious use was as really, really good phishing sites - and nobody got to use accented characters in URLs. Thanks a bundle, Network Solutions.
(no subject)
Date: 2015-10-31 07:52 am (UTC)