This month, the Internet Corporation for Assigned Names and Numbers (ICANN) approved domain names written using non-Latin scripts, such as Cyrillic and Kanji. While this is an appropriate recognition of the international character of the internet, I worry that there will be serious problems with both usability and security.
Starting with usability, many people will soon be in the position of being unable to input the universal resource locater (URL) for various websites using their existing keyboard. On-screen keyboards are an option, but they are annoying to use and there will be confusion regarding characters that look identical (or nearly so) yet actually differ.
The latter problem leads to the major security concern: namely, that people will use identical looking characters (homographs) to trick users into thinking they are actually at a different site. For instance, someone could register ‘sindark.com’ where the lower-case ‘a’ is the Unicode character U+0430 (from the Cyrillic alphabet), rather than the identical-looking Unicode character U+0061 (from the Latin alphabet).
This isn’t much of a threat for a blog, since people don’t enter sensitive information here, but it might make attacks against banks and commerce sites even easier than at present. The designers of web browsers are considering various methods for countering this threat – such as highlighting non-Latin characters somehow, or creating blacklists of fake sites – but it seems virtually certain that at least a few scams will succeed before good solutions are developed.
Personally, I hope browser manufacturers offer users the option of disabling non-Latin domain names entirely, until such a time as some desirable content appears on sites that don’t use them and mechanisms to prevent abuse have been demonstrated successfully.
