Is this apple.com or not?

If you see https://apple.com in your browser, you have been successfully phished à la homograph!


Essentially, the website creator has used a specific type of Unicode character set in the domain's URL, which your browser then displays as plain text. To make it appear more official and secure (which it actually is), the demo uses Let's Encrypt's SSL service.

Chrome (and, I assume, Chromium) has a bug fix on the way, and some variations of IE/Edge are not affected. But these are garbage malware/spyware masquerading as browsers. They track you mercilessly, sell your data, are closed source and have colluded with the NSA/FBI/CIA/Five Eyes et al. in the past.

Firefox, open source and libre/free, on the other hand, has explained that the issue isn't the browser but the domain registrars themselves, which permit dodgy behavior in an attempt to cannibalize their competitors. Some permit Unicode in domain registrations because most don't = more [often shady] customers. The bug is hotly contested between users and Mozilla developers. Here is Mozilla's official position on the issue:

Our response to this issue is that in the end, it is up to registries to make sure that their customers cannot rip each other off. Browsers can put some technical restrictions in place, but we are not in a position to do this job for them while still maintaining a level playing field for non-Latin scripts on the web. The registries are the only people in a position to implement the proper checking here. For our part, we want to make sure we don't treat non-Latin scripts as second-class citizens.

If you do not require special non-Latin languages (e.g. you speak a variation of English), it's easy enough to make the change manually by navigating to:

about:config
network.IDN_show_punycode: false

You'll need to change the false to true. Thanks to Xudong Zheng and Markzilla for sharing this information.
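The same check can be run outside the browser, for example on hostnames pulled from mail or proxy logs. The following is an added example, not code from the original post: it prints the punycode form that network.IDN_show_punycode would display and flags labels that mix scripts or consist wholly of Latin look-alikes. The look-alike table and the sample hostnames in the comments are constructed for illustration.

```python
import unicodedata

# Partial, hand-picked look-alike map (an assumption for this example); the
# full data set is Unicode's confusables.txt from UTS #39.
LOOKALIKES = {"\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
              "\u0441": "c", "\u0445": "x", "\u0443": "y", "\u0456": "i",
              "\u0455": "s", "\u0458": "j"}

def script_of(ch):
    """Approximate a character's script from the first word of its Unicode name."""
    if ch.isascii():
        return "LATIN" if ch.isalpha() else "COMMON"  # digits and hyphen
    return unicodedata.name(ch, "UNKNOWN").split()[0]

def inspect_host(host):
    """Return (unicode_form, punycode_form, findings) for a hostname.

    Accepts either the Unicode form or the xn-- form of the name.
    """
    ace = host.lower().encode("idna").decode("ascii")  # what the wire sees
    uni = ace.encode("ascii").decode("idna")           # what the user sees
    findings = []
    for label in uni.split("."):
        scripts = {script_of(c) for c in label} - {"COMMON"}
        if len(scripts) > 1:
            # e.g. Latin letters with one Cyrillic letter swapped in
            findings.append((label, "mixed-script: " + "+".join(sorted(scripts))))
        elif scripts and scripts != {"LATIN"} and all(
                c in LOOKALIKES or script_of(c) == "COMMON" for c in label):
            # Single non-Latin script, yet every letter imitates a Latin one.
            # A mixed-script check alone does not catch this case.
            skeleton = "".join(LOOKALIKES.get(c, c) for c in label)
            findings.append((label, "whole-script look-alike of '%s'" % skeleton))
    return uni, ace, findings

if __name__ == "__main__":
    # Constructed sample hostnames, not taken from the original post.
    for sample in ("example.com", "ex\u0430mple.com",
                   "\u0441\u043e\u0440\u0435.example",
                   "\u043f\u043e\u0447\u0442\u0430.example"):
        uni, ace, findings = inspect_host(sample)
        print(ace, findings or "ok")
```

An ordinary non-Latin name (the last sample) produces no finding, so legitimate internationalized domains are not flagged merely for being non-Latin.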

About the Writer
Author: Chris Lessley
A server admin, dev ops warrior and website designer since 2002, Chris is a lover of all things Linux and open-source! Each blog topic has been tested by fire in the real world and shared with the hope to help others. Need more help? Hire me! Chris' other interests include fine art and the humanities in the classical tradition and can be found writing for our friends over at gripfastart.works. If you like this content, kindly consider donating to keep this website free to all, without ads.