While this is a very special and interestng use of this attack vector, I do think it often gets too much focus, mostly because it's ignoring a much bigger problem: The average person doesn't even know what the legit URL of a website should even be, and that starts with the TLD. Was it .com? Or maybe .org? Maybe some country-TLD or maybe one of the thousands of new TLDs like .world or .finance? If you don't have a perfect memory of every URL of all the websites you're using, being able to inspect the exact shape of each letter isn't going to help you.
Privacy
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
- Don't promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
much thanks to @gary_host_laptop for the logo design :)
TIL I'm not the average web user. Not suprising, since I use Arch (btw), and I've done web dev projects. Do average people really just look up the url every time?
My dad used to put "Google" in the omnibar (adressbar), hit enter, then click the first Yahoo search result for google.com, then enter his actual search query into Google.
Remarkable.
that’s why mono fonts are best
Doesn't need to be mono to fix it. Look at Atkinson Hyperlegible
mono fonts just address this consistently as opposed to case by case for sans serif type
And wouldn't you know, the Wall Street Journal revealed that the Polymarket set up a fake version of their website and named it PoIymarket. (Did you catch it?)
PoIymarket (spelled with a capital "i" instead of a lower case "l"), is a fake version of their platform.
what difference a mono font would make with the I & l difference?
It would make those characters more distinct. Should be able to see it here with a code line. The letter O and the number 0 also have more noticeable differences that go beyond what serif fonts can do
Capital I
Lowercase l
Number 1
Capital O
Number 0
i thought this is common knowledge with tech people. I heard years ago about swapping of the cyrillic „a“, maybe thats why.
Yeah. Here are some resources for interested people
I̶̹͊̂ ̵̢̮̬̻͙̹̦͈̜͕̖̠̱͒̃͗̎̑̕͠o̸̧̬̜͚͕̠͍̓̾̉n̷̥͔͕͈̭̦̲͓̼͍̣̪̝͗̀̓͗͜ḷ̵̢̛̅̓̓̐͝y̶̧̨̢̠͙̰͍̖̞͍͙̳̩̠͈̋͋͒̍̏̓͂̋͘̚͘ ̴̢͎͇͍͉̗̭̎͜͠ṷ̴̱̺̣͚̱̀̄͆͛̈́̀͗͒̓̇̓̇s̶̠̮͂̌̾̋ͅe̸̡̢̛̦̻̙͉͂̓́̉̏̅̓̓̒̋͘͝ ̶̢̡̬̩̯̫̱̪̫͚̱͓͉̗͑͜Ż̶͕̮͔̙̜̞̕͝a̸̡͂͛̽̓͆͌̅l̶̛͖̼̲͚̳̓͐͂̊̒͂̄͂́̿̎̒͊̒̕ǵ̶̰̩̮̹̤̺̫̥̹̹͙̌͆͋̒o̶̧̲̟̬̻̳͖͗̉̈́̓͌͗̿̅͌̂͆̈͘̕̕ ̷̡̙̩̰̦̯̄́̿͠F̶͔͙̱̞̘̯͇͖͍̱͍͖̺̯͋́̑̓̀̈́͌̍̏͌̉̄̋̇͘͜͝o̵̮̫͖̙̟͈̬̽̃̔̇̔̈́́͒̏̃͐͘͘͘ͅn̶̨̞̠͖͓̗͕̙͈̙̥̟̈́̈́̔̃̓̿͂̆̈́̌ṱ̸̢̧̩̗̮͔͔̲̖̺̯͇̩̟̈́̈́͗̊̐̈́̐͆̽̄̂̔̇͒̚ͅ