this post was submitted on 18 May 2024
229 points (93.5% liked)

Privacy

31872 readers
244 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

I didn't know my city was cool enough to put signal flyers.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 30 points 5 months ago (2 children)

Respectfully I think this is a minimal attack vector in this case due to the limited character set of urls. But thanks for the callout, I didn't know there was a name for this sort of attack.

[–] [email protected] 13 points 5 months ago

Punycode enables you to encode any Unicode character as ASCII. Almost all browsers support this.

[–] [email protected] 22 points 5 months ago* (last edited 5 months ago) (1 children)

Modern browsers happily show you the actual characters, while sending their encoded entities to the server. So, from a user perspective there is no ASCII limitation. Case in point: söhne.at (just some random website, I have no idea what they are or if they are legitimate)

[–] [email protected] 6 points 5 months ago (1 children)

They'd still resolve via DNS to an address in ASCII though, right? Wouldn't that only be an issue if ICANN didn't have a monopoly on DNS registration? i.e what we already depend on for a semblance of convenience without totally compromising opsec

[–] [email protected] 9 points 5 months ago* (last edited 5 months ago)

It utilizes punycode under the hood. The actual DNS entries still use ASCII.