Talk about code development, features, specific bugs, enhancements, patches, and similar things.
Forum rules
Please keep everything here strictly on-topic.
This board is meant for Pale Moon source code development related subjects only like code snippets, patches, specific bugs, git, the repositories, etc.
This is not for tech support! Please do not post tech support questions in the "Development" board!
Please make sure not to use this board for support questions. Please post issues with specific websites, extensions, etc. in the relevant boards for those topics.
Please keep things on-topic as this forum will be used for reference for Pale Moon development. Expect topics that aren't relevant as such to be moved or deleted.
-
cartel
- Lunatic
- Posts: 475
- Joined: 2014-03-16, 21:57
- Location: Chilliwack, BC
Unread post
by cartel » 2023-02-12, 11:24
When I try to open this link: https://www.bіtchutе.com/video/1fqAKgpoovGp/
I get:
Code: Select all
https://www.xn--btchut-8of2x.com/video/1fqAKgpoovGp/
Did I screw something up?
thanks
-
Nuck-TH
- Project Contributor
- Posts: 197
- Joined: 2020-03-02, 16:04
Unread post
by Nuck-TH » 2023-02-12, 11:32
this means that domain name has non-latin characters, usually meaning that it is obfuscated fake.
prefix itself is part of URL encoding named Punycode, which is used to encode unicode characters into strictly latin URL.
-
Pentium4User
- Board Warrior
- Posts: 1114
- Joined: 2019-04-24, 09:38
Unread post
by Pentium4User » 2023-02-12, 12:56
That is called IDN and offers non-ASCII characters in domains, like störenfried.de or москва.рф.
Some people use them to offer links that look like another address, like exchanging Latin a with Cyrillic а (depending if the TLD allows it).
The profile picture shows my Maico EC30 E ceiling fan.
-
Moonchild
- Pale Moon guru
- Posts: 35478
- Joined: 2011-08-28, 17:27
- Location: Motala, SE
-
Contact:
Unread post
by Moonchild » 2023-02-12, 13:01
Also note that IDNs by default in Pale Moon will be indicated in the identity box in their punycode form.
See also:
viewtopic.php?f=24&t=15583
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
-
cartel
- Lunatic
- Posts: 475
- Joined: 2014-03-16, 21:57
- Location: Chilliwack, BC
Unread post
by cartel » 2023-02-12, 13:15
thanks for the replies.
So the link I posted has ascii art disguised as dots and such?
Like when I open that link by highlighting it and rightclick open link, I get a invalid address, www.xn--
Code: Select all
https://www.bitchute.com/video/1fqAKgpoovGp/
real
Code: Select all
https://www.bіtchutе.com/video/1fqAKgpoovGp
fake
I cant see it right here, thats interesting, but if I highlight and open, they both do different things.
So how do I stop that from happening again please, just so I know.
-
gepus
- Keeps coming back
- Posts: 938
- Joined: 2017-12-14, 12:59
Unread post
by gepus » 2023-02-12, 16:17
If you hover over a link you can see if it is fake.
I made an HTML-file with the fake address for visualization:
-
Attachments
-
-
Moonchild
- Pale Moon guru
- Posts: 35478
- Joined: 2011-08-28, 17:27
- Location: Motala, SE
-
Contact:
Unread post
by Moonchild » 2023-02-13, 18:52
cartel wrote: ↑2023-02-12, 13:15
I cant see it right here, thats interesting, but if I highlight and open, they both do different things.
If you check both links in ANSI encoding (e.g. in notepad++), you can easily see how it was spoofed:
Code: Select all
https://www.bіtchutе.com/video/1fqAKgpoovGp
https://www.bitchute.com/video/1fqAKgpoovGp/
The "i" and "e" of "bitchute" were replaced with "lookalike" characters from extended language ranges in UTF-8. Specifically "і" (dotted i from Cyrillic) and "е" (Ye, also in Cyrillic)
UTF-8 capable applications like web browsers and most modern text editors will display it visually (almost) identical (depending on the font in use there might literally 0 difference in how it's displayed).
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
-
RealityRipple
- Astronaut
- Posts: 647
- Joined: 2018-05-17, 02:34
- Location: Los Berros Canyon, California
-
Contact:
Unread post
by RealityRipple » 2023-02-14, 09:02
This is why serif fonts with non-duplicate characters should be a security requirement for so many URI displays. It astounds me that literally every browser uses sans-serif for their address bar.
-
cartel
- Lunatic
- Posts: 475
- Joined: 2014-03-16, 21:57
- Location: Chilliwack, BC
Unread post
by cartel » 2023-02-14, 10:31
Moonchild wrote: ↑2023-02-13, 18:52
cartel wrote: ↑2023-02-12, 13:15
I cant see it right here, thats interesting, but if I highlight and open, they both do different things.
If you check both links in ANSI encoding (e.g. in notepad++), you can easily see how it was spoofed:
Code: Select all
https://www.bіtchutе.com/video/1fqAKgpoovGp
https://www.bitchute.com/video/1fqAKgpoovGp/
The "i" and "e" of "bitchute" were replaced with "lookalike" characters from extended language ranges in UTF-8. Specifically "і" (dotted i from Cyrillic) and "е" (Ye, also in Cyrillic)
UTF-8 capable applications like web browsers and most modern text editors will display it visually (almost) identical (depending on the font in use there might literally 0 difference in how it's displayed).
thanks. Now I can undersand what going on there.
-
Moonchild
- Pale Moon guru
- Posts: 35478
- Joined: 2011-08-28, 17:27
- Location: Motala, SE
-
Contact:
Unread post
by Moonchild » 2023-02-14, 14:23
RealityRipple wrote: ↑2023-02-14, 09:02
serif fonts with non-duplicate characters
I don't think it has much to do with being serif or sans-serif, but rather with the non-duplicate nature of the characters.
These characters are very very similar (or identical) in many serif fonts too.
What actually astounds me is that IDNs were accepted as a standard, knowing full-well the risks of spoofing from the start. And it actually never took off either - I barely ever see IDNs being in use these days. And it's been years since they introduced it.
-
Attachments
-
- Image1.png (3.82 KiB) Viewed 1279 times
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
-
RealityRipple
- Astronaut
- Posts: 647
- Joined: 2018-05-17, 02:34
- Location: Los Berros Canyon, California
-
Contact:
Unread post
by RealityRipple » 2023-02-15, 09:21
Moonchild wrote: ↑2023-02-14, 14:23
RealityRipple wrote: ↑2023-02-14, 09:02
serif fonts with non-duplicate characters
I don't think it has much to do with being serif or sans-serif, but rather with the non-duplicate nature of the characters.
These characters are very very similar (or identical) in many serif fonts too.
What actually astounds me is that IDNs were accepted as a standard, knowing full-well the risks of spoofing from the start. And it actually never took off either - I barely ever see IDNs being in use these days. And it's been years since they introduced it.
The serif portion is to prevent things like "m/rn" confusion.