> There are hacky ways to show some homoglyph attacks, like punycode.
Been thinking about this recently. Is there a risk when:
• User has a preferred character set determined by preferred language (many people will have only one preferred character set even with multiple languages).
• Display all domain names, which are written in that character set, using that character set. For example, Αθήνα.ελ for monolingual Greek speakers.
• Display all other domain names — if even one character is outside that character set — in whatever other fallback mechanism you’re already using. My preference here would be to invert the colour scheme (background colour becomes foreground and vice versa) for each out-of-charset character, partly to draw explicit attention to homoglyphs, partly because it’s least invasive for most likely domains, but mainly because the fallback part is what I’ve put least mental effort into. This way, for monolingual Greek speakers Αθήνα.ελ looks normal and Google.com is inverted, for monolingual English speakers it’s the other way around, and both will spot something strange with gοοgle.com (the ‘ο’s being Greek omicrons rather than the 15th letter of the Latin alphabet).
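
The display rule proposed in the comment above, as an added JavaScript sketch that is not part of the original post. The function names are hypothetical, square brackets stand in for colour inversion, digits, dots and hyphens are assumed script-neutral, and the input is assumed to be the Unicode (not punycode) form of the hostname.

```javascript
// Characters treated as script-neutral inside a hostname (assumption).
const NEUTRAL = /^[0-9.\-]$/;

// Build a per-character test for one Unicode script, e.g. "Latin" or "Greek".
function scriptTester(script) {
  // Only plain script names are accepted, so nothing else reaches the RegExp.
  if (!/^[A-Za-z_]+$/.test(script)) throw new TypeError("bad script name");
  const re = new RegExp(`^\\p{Script=${script}}$`, "u");
  return (ch) => NEUTRAL.test(ch) || re.test(ch);
}

// Split a hostname into runs, each flagged as inside or outside the user's
// preferred script. Out-of-set runs are the ones the comment would invert.
function segmentHostname(hostname, preferredScript) {
  const inSet = scriptTester(preferredScript);
  const runs = [];
  // NFC first, so an accented letter is one code point, not base + mark.
  for (const ch of hostname.normalize("NFC")) {
    const flag = inSet(ch);
    const last = runs[runs.length - 1];
    if (last && last.inSet === flag) last.text += ch;
    else runs.push({ text: ch, inSet: flag });
  }
  return runs;
}

// Plain-text stand-in for colour inversion: out-of-set runs go in [brackets].
function render(hostname, preferredScript) {
  return segmentHostname(hostname, preferredScript)
    .map((r) => (r.inSet ? r.text : `[${r.text}]`))
    .join("");
}

// Constructed samples: the spoof uses U+03BF (Greek omicron) for both o's.
const spoof = "g\u03BF\u03BFgle.com";
const athens = "\u0391\u03B8\u03AE\u03BD\u03B1.\u03B5\u03BB";
console.log(render("google.com", "Latin")); // all in set, shown as-is
console.log(render(spoof, "Latin"));        // only the omicrons are marked
console.log(render(spoof, "Greek"));        // only the Latin letters are marked
console.log(render(athens, "Greek"));       // all in set, shown as-is
```

This sketch only marks characters outside the chosen script, so a name written entirely in the viewer's preferred script is never flagged.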