.bank
Tuesday 10th April, 2007 14:55 Comments: 3
I wrote a nice long post, I submitted it, and it appears it never made it onto here. So here's a quick and dirty recap. Phishing sites often rely upon users typing wwwmicrosoft.com instead of www.microsoft.com (incidentally, Microsoft owns both domains), and similar typos, because individuals are generally free to register any domain name within .com, .co.uk and several other popular domains. Other Top Level Domains (TLDs) such as .gov and .mil, as well as .ac.uk and .nhs.uk, are tightly controlled by organisations that are responsible for the "vertical" (e.g. JANET controls .ac.uk, specifically forbids registrations by individuals, and has strict eligibility requirements). So my suggestion is that we introduce more "verticals". The current TLDs are generally split by country. Great if I want to find local content by going to www.vodafone.co.uk instead of www.vodafone.com (incidentally, again, both are owned by Vodafone). But this also makes it easy for someone naughty to register www.vodfone.co.uk, in case my A key is a little sticky or something, and set up a fake login site for "My Vodafone". So instead of splitting by country, split the TLDs into groups of similar industries/organisations.
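The two typo patterns described above (the dropped dot in wwwmicrosoft.com and the dropped letter in vodfone.co.uk) are exactly what a defender looks for when reviewing proxy logs or newly registered domains. The following is an added example, not code from the original post; the protected-domain list and the observed hostnames are constructed sample data.

```python
"""Flag observed hostnames that look like typo variants of protected domains.

Added example (not part of the original post). Detects the two cases the
post describes: a missing dot after "www" and a single-character typo,
measured as Levenshtein distance 1 from a protected domain.
"""

# Constructed: registrable domains we want to protect.
PROTECTED = ["microsoft.com", "vodafone.co.uk", "vodafone.com"]


def strip_www(host: str) -> str:
    """Drop a leading 'www.' label so comparisons use the registrable name."""
    host = host.lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance using a rolling-row dynamic programme."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(host: str, protected=PROTECTED):
    """Return (verdict, matched_domain): 'legit', 'missing-dot', 'typo' or 'unrelated'."""
    name = strip_www(host)
    for good in protected:
        if name == good:
            return "legit", good
    for good in protected:
        if name == "www" + good:  # wwwmicrosoft.com: the dot after www was dropped
            return "missing-dot", good
    for good in protected:
        if edit_distance(name, good) == 1:  # vodfone.co.uk: one character off
            return "typo", good
    return "unrelated", None


def flag_lookalikes(hosts, protected=PROTECTED):
    """Return (host, verdict, target) for every host that is a lookalike."""
    results = []
    for host in hosts:
        verdict, target = classify(host, protected)
        if verdict in ("missing-dot", "typo"):
            results.append((host, verdict, target))
    return results


# Constructed sample: hostnames as they might appear in a proxy log.
OBSERVED = ["www.microsoft.com", "wwwmicrosoft.com", "www.vodfone.co.uk",
            "vodafone.com", "example.org"]
```

An edit distance of 1 also matches genuinely different short names, so treat the "typo" verdict as a triage signal to review rather than an automatic block.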
You can already see it happening with the .museum domain (the.british.museum and smithsonian.museum, for example), so why not introduce it to banks? Only allow banks to have a .bank domain, and you end up with barclays.bank and natwest.bank. You might be thinking "but bank is very English, what if I'm French?" - well, the French banks could have their own .banque domain. This also means you keep the idea of localisation, so global companies would offer local content based on the language of the TLD (rather than trying to guess based on IP or making users click a language page). For example, www.barclays.fr could use barclays.banque instead. In short, everything would move away from the .com domain and similar "risky" TLDs. It doesn't work perfectly: some groups might not know what to use (would computer-related companies use .computer, and who would regulate such a broad TLD?), and you'll still get problems with things like Apple (Apple Inc might want apple.music, but so might Apple Records), but it's no worse than the current system. Perhaps it's something that's only created for certain "verticals" such as banks and porn (e.g. the controversial .xxx domain).
Of course, none of this helps if the user clicks the www.microsoft.com link without noticing that the underlying link goes somewhere else. Showing the address bar and the use of EV certificates (the address bar goes green) isn't going to be of much use to naive/ignorant users who miss all the warning signs, and the more we throw at them the more annoying it gets for other users. User education only works up to a point. After that we should ban them from using a PC, and ban them from having children. Or something like that.
Yamahito - Thursday 12th April, 2007 09:07
Nice. Do me a favour and go post this at www.halfbakery.com so I can croissant it.
Too much effort, you have to sign up for an account, and it seems like a place where people add their crazy ideas that make people laugh, but no one would seriously make (e.g. builder's bra).