this post was submitted on 19 Oct 2023
269 points (99.3% liked)

Privacy Guides

16270 readers
3 users here now

In the digital age, protecting your personal information might seem like an impossible task. We’re here to help.

This is a community for sharing news about privacy, posting information about cool privacy tools and services, and getting advice about your privacy journey.


You can subscribe to this community from any Kbin or Lemmy instance:

Learn more...


Check out our website at privacyguides.org before asking your questions here. We've tried answering the common questions and recommendations there!

Want to get involved? The website is open-source on GitHub, and your help would be appreciated!


This community is the "official" Privacy Guides community on Lemmy, which can be verified here. Other "Privacy Guides" communities on other Lemmy servers are not moderated by this team or associated with the website.


Moderation Rules:

  1. We prefer posting about open-source software whenever possible.
  2. This is not the place for self-promotion if you are not listed on privacyguides.org. If you want to be listed, make a suggestion on our forum first.
  3. No soliciting engagement: Don't ask for upvotes, follows, etc.
  4. Surveys, Fundraising, and Petitions must be pre-approved by the mod team.
  5. Be civil, no violence, hate speech. Assume people here are posting in good faith.
  6. Don't repost topics which have already been covered here.
  7. News posts must be related to privacy and security, and your post title must match the article headline exactly. Do not editorialize titles, you can post your opinions in the post body or a comment.
  8. Memes/images/video posts that could be summarized as text explanations should not be posted. Infographics and conference talks from reputable sources are acceptable.
  9. No help vampires: This is not a tech support subreddit, don't abuse our community's willingness to help. Questions related to privacy, security or privacy/security related software and their configurations are acceptable.
  10. No misinformation: Extraordinary claims must be matched with evidence.
  11. Do not post about VPNs or cryptocurrencies which are not listed on privacyguides.org. See Rule 2 for info on adding new recommendations to the website.
  12. General guides or software lists are not permitted. Original sources and research about specific topics are allowed as long as they are high quality and factual. We are not providing a platform for poorly-vetted, out-of-date or conflicting recommendations.

Additional Resources:

founded 1 year ago
MODERATORS
all 22 comments
sorted by: hot top controversial new old
[–] [email protected] 47 points 1 year ago (6 children)

disable unicode representation of these types of domains in firefox by flipping this setting (in about:config) from the default 'false' to TRUE:

network.IDN_show_punycode

so you see xn--80ak6aa92e.com instead of аррӏе.com

compare to (the real deal): apple.com

[–] [email protected] 27 points 1 year ago* (last edited 1 year ago) (4 children)

Looks like it's already flipped to true in Librewolf, glad they seem to have some common sense compared to mozilla.

Is there any good reason for a browser to mask the real URLs like that? There seems to be a trend of hiding parts of the URL people see lately.

[–] [email protected] 28 points 1 year ago (1 children)

Yes, because the internet is not restricted to English letters.

Just imagine you had to visit アップル instead of apple.com! And most importantly, would you trust yourself to see the difference that and say プッアル consistently without seeing the real reference?

Just to be clear, I hate it when the browsers hides part of the url too. Show me the https god damn! But internationalization is a good thing, as it makes the internet accessible to more people.

[–] PixxlMan 13 points 1 year ago

Stop it! The only words that matter are those that can be written in ASCII! The rest of the world just wants to scare you with gibberish letters!

[–] [email protected] 22 points 1 year ago (1 children)

People who use those characters benefit from it. I imagine 點看 is more useful than xn--c1yn36f to a Chinese person. That’s also why Google displays them that way.

It would be nice if browsers warned when International Domain Names were in use, and provided the option to disable punycode when first encountered.

[–] 9point6 13 points 1 year ago* (last edited 1 year ago)

This is the big thing that should be happening, even just a little icon in the bar when it's happening to switch between the two representations.

[–] [email protected] 9 points 1 year ago

To have other languages able to be displayed in the title... e.g. https://wiki.ポケモン.com/wiki/%E3%83%A1%E3%82%A4%E3%83%B3%E3%83%9A%E3%83%BC%E3%82%B8

[–] [email protected] 2 points 1 year ago

You may have gotten me to switch browsers

[–] [email protected] 5 points 1 year ago

Does anyone using Mullvad Browser know why this setting is not enabled by default? I just checked. If it is important for security it should be.

[–] shotgun_crab 3 points 1 year ago

Oh so that's what punycode means, I always wondered what it meant

[–] RealFknNito 2 points 1 year ago

Wouldn't you also be able to hover the link and check the URL in the bottom left?

[–] crypticthree 45 points 1 year ago

Can't imagine why ublock is so popular

[–] [email protected] 27 points 1 year ago (1 children)
[–] [email protected] 9 points 1 year ago

They have failed one of their code jobs: validating advertisements are legitimate. I don't know why any legitimate company would advertise with google as you get associated with the scams they allow on their ad platform.

[–] JoeKrogan 19 points 1 year ago

Another reason to stick to your distro repositories. This should totally be disabled by default for modern browsers.

[–] [email protected] 10 points 1 year ago

The program doesn't even need to change much. Just be keepass with a backdoor. Yikes.

[–] [email protected] 8 points 1 year ago

Say it louder for the people at the back: adblock is a basic cybersecurity measurs

[–] [email protected] 8 points 1 year ago

This is the best summary I could come up with:


Google has been caught hosting a malicious ad so convincing that there’s a decent chance it has managed to trick some of the more security-savvy users who encountered it.

Combining the ad on Google with a website with an almost identical URL creates a near perfect storm of deception.

“Users are first deceived via the Google ad that looks entirely legitimate and then again via a lookalike domain,” Jérôme Segura, head of threat intelligence at security provider Malwarebytes, wrote in a post Wednesday that revealed the scam.

The ads were paid for by an outfit called Digital Eagle, which the transparency page says is an advertiser whose identity has been verified by Google.

When in doubt, people can open a new browser tab and manually type the URL, but that’s not always feasible when they’re long.

Another option is to inspect the TLS certificate to make sure it belongs to the site displayed in the address bar.


The original article contains 422 words, the summary contains 157 words. Saved 63%. I'm a bot and I'm open source!

[–] [email protected] 2 points 1 year ago

That's kinda crazy, as it would look like a speck on the screen. I wish I could see the actual site, and see if there is something else sus about it. When I download important things like password managers, I usually try to be extra careful, double check the URL and do the hash check.