
There should be a simple highlighter on the domain name in the browser so you can easily see:

airbnb.com.rooms-040349.town vs airbnb.com

Or some kind of script that can recognize likely b.s. for common domains. Now that I say it, it probably already exists.




That seems like a great idea!

Why doesn't the url bar highlight the domain? Given how security-critical it is compared to the rest of the URL, why is it not bold and obvious?

It seems so easy for browser vendors to implement...


I think you may be saying this sarcastically, but in response to the comment you replied to, at least my browser (Firefox) does do this. On this page, "ycombinator.com" is highlighted in white.


No sarcasm.

Chrome does not display any significant difference... or if it does, it's too subtle for my 20-40 vision.

Firefox is noticeable, now that you mention it. I never noticed before. A for effort, C- for execution?

Given the security implications, how about bold and blue? Maybe even a bigger font size? It should stand out, no?


Perhaps even a color chosen based on a hash of the domain name, so a visually similar domain name (e.g. goog1e.com) shows in a different color than the user is used to.


I'm in Firefox right now, and it took me four looks to notice that. The contrast could definitely be higher.


I noticed it a while ago, but I think underline or maybe a different colour (blue?) would be much better.

(Are there any scripts that don't work at all with an underline? Bold not working for Chinese is a reason a bold domain isn't really an option.)


And the people who would install it are already aware it's a thing and are more security conscious than most. In other words, preaching to the choir.


1Password makes it very easy to spot these. If you click on the 1Password icon in your browser and you don't see your account, you're not on the official/right/real domain name.


This works if the website never switches domains based on location or product or what have you.


Browsers should flag .com.

It's pretty unbelievable that in 2020 your browser just lets this through.


Presumably you mean airbnb.𝗰𝗼𝗺.rooms-040349.town

But this only works for .com, whereas worldwide there are plenty of two-letter TLDs, which are often used as subdomains (e.g. dk.ebay.com and www.ebay.dk.).


I mean they should flag *.com.thing where thing is anything other than a valid country top-level domain like au.

It's not perfect but it would make this type of phish a lot harder.
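The rule discussed in the last few comments, sketched as an added example that is not part of the thread or of any browser's code: flag a hostname when a generic label such as "com" sits in the middle and is not directly followed by a single country-code TLD. The `GENERIC` and `CC_TLDS` tables and the `checkHost` name are assumptions; extending the rule from "com" to "net" and "org" goes slightly beyond what the comment proposes.

```javascript
// Constructed tables: a real implementation would load the full ccTLD list.
const CC_TLDS = new Set(["au", "dk", "uk", "br", "mx"]);
const GENERIC = new Set(["com", "net", "org"]); // labels that read like a TLD

// Returns { suspicious, embedded, trailing } for a hostname.
// embedded: the brand-looking part ending in the generic label (e.g. "airbnb.com")
// trailing: what actually follows it and decides who controls the name
function checkHost(hostname) {
  const labels = hostname.toLowerCase().replace(/\.$/, "").split(".");
  // Only look at generic labels with something on both sides: "*.com.thing".
  for (let i = 1; i < labels.length - 1; i++) {
    if (!GENERIC.has(labels[i])) continue;
    const tail = labels.slice(i + 1);
    // "example.com.au": generic label followed by exactly one ccTLD is a normal suffix.
    if (tail.length === 1 && CC_TLDS.has(tail[0])) continue;
    return {
      suspicious: true,
      embedded: labels.slice(i - 1, i + 1).join("."),
      trailing: tail.join("."),
    };
  }
  return { suspicious: false, embedded: null, trailing: null };
}

// Constructed sample hostnames, including the ones mentioned in the thread.
const samples = [
  "airbnb.com.rooms-040349.town",
  "airbnb.com",
  "dk.ebay.com",
  "www.ebay.dk.",
  "example.com.au",
];
for (const host of samples) {
  const r = checkHost(host);
  console.log(host, "->", r.suspicious ? `flag: looks like ${r.embedded}, ends in ${r.trailing}` : "ok");
}
```

As the thread notes, this is a heuristic: it does not catch lookalike spellings such as goog1e.com, and the ccTLD exception leaves names like brand.com.au to be judged by other means.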



