• MangoPenguin@lemmy.blahaj.zone
      link
      fedilink
      English
      arrow-up
      26
      ·
      edit-2
      1 year ago

      Looks like it’s already flipped to true in Librewolf, glad they seem to have some common sense compared to mozilla.

      Is there any good reason for a browser to mask the real URLs like that? There seems to be a trend of hiding parts of the URL people see lately.

      • Turun@feddit.de
        link
        fedilink
        English
        arrow-up
        27
        ·
        1 year ago

        Yes, because the internet is not restricted to English letters.

        Just imagine you had to visit アップル instead of apple.com! And most importantly, would you trust yourself to see the difference that and say プッアル consistently without seeing the real reference?

        Just to be clear, I hate it when the browsers hides part of the url too. Show me the https god damn! But internationalization is a good thing, as it makes the internet accessible to more people.

      • NaN@lemmy.sdf.org
        link
        fedilink
        English
        arrow-up
        21
        ·
        1 year ago

        People who use those characters benefit from it. I imagine 點看 is more useful than xn–c1yn36f to a Chinese person. That’s also why Google displays them that way.

        It would be nice if browsers warned when International Domain Names were in use, and provided the option to disable punycode when first encountered.

        • 9point6@lemmy.world
          link
          fedilink
          English
          arrow-up
          12
          ·
          edit-2
          1 year ago

          This is the big thing that should be happening, even just a little icon in the bar when it’s happening to switch between the two representations.

    • Onyx376@lemmy.ml
      link
      fedilink
      English
      arrow-up
      5
      ·
      1 year ago

      Does anyone using Mullvad Browser know why this setting is not enabled by default? I just checked. If it is important for security it should be.

  • JoeKrogan@lemmy.world
    link
    fedilink
    English
    arrow-up
    19
    ·
    1 year ago

    Another reason to stick to your distro repositories. This should totally be disabled by default for modern browsers.

  • AutoTL;DR@lemmings.worldB
    link
    fedilink
    English
    arrow-up
    7
    ·
    1 year ago

    This is the best summary I could come up with:


    Google has been caught hosting a malicious ad so convincing that there’s a decent chance it has managed to trick some of the more security-savvy users who encountered it.

    Combining the ad on Google with a website with an almost identical URL creates a near perfect storm of deception.

    “Users are first deceived via the Google ad that looks entirely legitimate and then again via a lookalike domain,” Jérôme Segura, head of threat intelligence at security provider Malwarebytes, wrote in a post Wednesday that revealed the scam.

    The ads were paid for by an outfit called Digital Eagle, which the transparency page says is an advertiser whose identity has been verified by Google.

    When in doubt, people can open a new browser tab and manually type the URL, but that’s not always feasible when they’re long.

    Another option is to inspect the TLS certificate to make sure it belongs to the site displayed in the address bar.


    The original article contains 422 words, the summary contains 157 words. Saved 63%. I’m a bot and I’m open source!