Chrome uses a sophisticated system to determine if an IDN might be spoofing another website.

While researching end user sales at Sedo yesterday, I visited öttö .de, which sold for €2,000. This is what I saw when I visited it:

A Google Chrome warning shows that the domain I'm visiting might be a spoof because of an IDN

Sponsored

This is the first time I’ve come across this warning. Google started showing warnings like this in about Chrome 75 and started treating Internationalized Domain Names (IDNs) differently beginning with Chrome 51. (We’re now at Chrome 100+).

IDNs are controversial. On the one hand, they can be great for people who use non-Latin scripts. On the other hand, they can trick web users into visiting sites with “look-alike” URLs.

For example, consider this domain:

A URL that looks like eBay, but has a Cryillic A character

It looks like the domain of the popular site for auctioning and selling goods. But it actually uses a Cyrillic “a” and is a different domain than ebay.com. The issue becomes incredibly complex when domains have mixed scripts like this example.

So Chrome has a decision tree for deciding when to show a domain in Unicode (essentially, how it looks visually) or Punycode, which is a translation of the URL that looks like xn--bb-eka .tld.

Sponsored

That decision tree is very complex, and it would seem that some URLs could slip through the cracks.

Chrome’s developers also provide suggestions for domain owners who register IDNs for defensive purposes to prevent these from being flagged in Chrome.

As for öttö .de, the domain was registered with BrandShelter, which suggests the owner of otto.de might have acquired it.

Post link: Visit an IDN? Google might warn you

© DomainNameWire.com 2022. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact editor (at) domainnamewire.com. Latest domain news at DNW.com: Domain Name Wire.

Original article: Visit an IDN? Google might warn you

©2022 Domain Observer. All Rights Reserved.