Just when you thought it was safe – internationalized domain names

ICANN, the governance body responsible for policy relating to Internet domain names, recently voted in favour of adding Internationalized Domain Names to the Internet.

Internationalized Domain Names are domain names which do not use the English a-z and 09 characters previously required by the domain name system. Under the new system for example, a domain name might be entirely in Chinese characters. The aim is to make it easier for those users who do not have English as a language to use the Internet (if you look at the primary language in the home location of most users, there are more Internet users from non-English countries than from English).

Internationalized Domain Names have been around for quite some time though. Software developed in the late 90s and early 2000s enabled translation of Latin characters into other character sets. So while the ability to use different characters in domain names has been available for quite some time, it hasn’t officially been baked into the domain name system (sometimes even the Internet moves slowly!).

Any change to the domain name system brings with it new opportunities for abuse. Hackers have had many years to think of ingenious ways to divert users from their intended destination. One of the most common was to register a domain name in a character set that looked visually similar to English, but being a different character set, would be an entirely different domain and different website. For example, the Cyrillic characters ‘а’, ‘е’, and ‘р’ all look very similar to the Latin ‘a’, ‘e’ and ‘p’. Imagine trying to tell the difference between “paypal.com” and “paypal.com”! Specific case rules were built into browsers to combat these issues.

Whether this will be a significant issue when international domain names are more widely used remains to be seen.

[Photo credit: hermanusbackpackers’]

%d bloggers like this: