

If you get an email from a big company saying you're a match for a job, and it then asks you to log in using Facebook, you're staring down the barrel of a scam. https://www.pickr.com.au/news/2025/scammers-turn-to-fake-job-emails-and-fake-facebook-what-to-do #howto #news #online #internetsecurity #mcafee #phishing #scams
As far as the Small Web is concerned, that’s a fact of life we have to contend with (I’d much prefer a decentralised system like DANE had succeeded) but I definitely don’t want more hurdles and/or information. You want to be anonymous on your personal site? Go right ahead. There’s no reason to prove that a person quite possibly exploring an aspect of themselves at rainbows-and-butterflies.org is actually Jane Someone.
We just have different use cases, basically.
Unreadable domain names will make even more people skip looking at their browser's address bar.
A (quick&dirty) mockup of what I'd like browsers to show in case of an IPv6 address can be seen below (of course I'm fully open to discussion regarding layout, contents and the "one year" period).
Note: important is that the user can distinguish between such information provided by the browser, to not be fooled by a webpage that fakes such info (how is probably device-, OS- and browser-dependent).
If ownership information *is* available in the certificate, the browser should show that - and provide an indication of the *reliability* of such information.
#Phishing #PhishingPrevention #SecureTheInternet #SaferInternet
Phishing means that an adversary *claiming to be* someone you know (including friends and family) convinces you to click on a link.
The purpose of a certificate, telling a receiver *WHO* (human readable) owns the associated private key (the last resort to distinguish between fake and authentic), now has completely vanished.
As if phishing is not already the nr. 1 problem on the internet.
Note: I'm fine with the idea provided that browsers clearly inform users about the reliability of authenticity (I've read your article, did you read https://infosec.exchange/@ErikvanStraten/113079966331873386 ?)
#Phishing #LetsEncrypt #DNS #DomainNames #Identification #Authentication
*NOT*
Meaningless, unreadable & impossible to remember long domain names that do not fit in address bars of mobile browsers...
And adding '[' and ']' to make even more people skip reading address bars because they don't understand what's in it.
Phishers will love them though.