- cross-posted to:
- privacy@lemmy.ml
Arguably more security than privacy, but this made me think. I haven't considered the use of ambiguous fonts in phishing before. Worth reading.
They could add a lowercase to FE-Schrift (i.e. the German licence plate typeface, which was designed to make it very difficult to make any glyph look like anything but itself) and use that for the URL field.
Atkinson Hyperlegible would be a good starting point but I don’t know how you could extend it to all of Unicode.
In addition, if you attempt to visit a site that is a homograph of one already in your browser history the browser should show a warning, highlight the similarity and force you to confirm you want to proceed.
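The history check suggested in the comment above, sketched as an added example (it is not part of the thread and not any browser's own code). The names `skeleton` and `findHomograph` are hypothetical, the look-alike table is a small constructed subset, and hostnames are assumed to arrive in Unicode form rather than punycode.

```javascript
// Constructed table: a tiny subset of look-alike characters for illustration.
// A real check would load the full Unicode UTS #39 confusables data.
const CONFUSABLES = new Map([
  ["\u0430", "a"], ["\u0435", "e"], ["\u043e", "o"], ["\u0440", "p"], // Cyrillic
  ["\u0441", "c"], ["\u0445", "x"], ["\u0443", "y"], ["\u0456", "i"], // Cyrillic
  ["\u0455", "s"], ["\u03bf", "o"], ["\u03bd", "v"],                  // Cyrillic s, Greek o and v
  ["0", "o"], ["1", "l"],                                             // digits drawn like letters
]);

// Reduce a hostname to a "skeleton": hosts that look alike share one skeleton.
function skeleton(host) {
  let out = "";
  for (const ch of host.normalize("NFKC").toLowerCase()) {
    out += CONFUSABLES.get(ch) ?? ch;
  }
  return out.replace(/rn/g, "m"); // "rn" reads as "m" in many fonts
}

// Return the history host that `host` imitates, or null if there is none.
// An exact match is a site the user already knows, so it is never flagged.
function findHomograph(host, historyHosts) {
  const typed = host.normalize("NFKC").toLowerCase();
  if (historyHosts.some((h) => h.toLowerCase() === typed)) return null;
  const target = skeleton(typed);
  return historyHosts.find((h) => skeleton(h) === target) ?? null;
}

// Constructed sample history and candidate hosts.
const sampleHistory = ["apple.com", "paypal.com", "microsoft.com"];
for (const host of ["\u0430pple.com", "paypa1.com", "rnicrosoft.com", "apple.com"]) {
  const match = findHomograph(host, sampleHistory);
  console.log(host, "->", match ? `warn: looks like ${match}` : "ok");
}
```

A browser would show the returned host next to the typed one so the user can see the difference before confirming.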
Makes sense that they can’t figure out how to instruct people to change their browser’s DNS settings


