Google Pushes New Domains Onto the Internet, and the Internet Pushes Back (arstechnica.com) 50

A recent move by Google to populate the Internet with eight new top-level domains is prompting concerns that two of the additions could be a boon to online scammers who trick people into clicking on malicious links. From a report: Two weeks ago, Google added eight new TLDs to the Internet, bringing the total number of TLDs to 1,480, according to the Internet Assigned Numbers Authority, the governing body that oversees the DNS Root, IP addressing, and other Internet protocol resources. Two of Google's new TLDs -- .zip and .mov -- have sparked scorn in some security circles. While Google marketers say the aim is to designate "tying things together or moving really fast" and "moving pictures and whatever moves you," respectively, these suffixes are already widely used to designate something altogether different. Specifically, .zip is an extension used in archive files that use a compression format known as zip. The format .mov, meanwhile, appears at the end of video files, usually when they were created in Apple's QuickTime format. Many security practitioners are warning that these two TLDs will cause confusion when they're displayed in emails, on social media, and elsewhere. The reason is that many sites and software automatically convert strings like "arstechnica.com" or "mastodon.social" into a URL that, when clicked, leads a user to the corresponding domain. The worry is that emails and social media posts that refer to a file such as setup.zip or vacation.mov will automatically turn them into clickable links -- and that scammers will seize on the ambiguity.
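The auto-linking behaviour the summary describes, seen from the side of software that renders user text: this is an added example, not code from the article, Slashdot, or any real linkifier. It links bare domains as usual but leaves bare names ending in `.zip` or `.mov` as plain text unless the author typed an explicit `http(s)://` URL. The function names, the regex, and the sample strings are assumptions made for illustration.

```javascript
// Added example: a conservative auto-link policy. All names here are hypothetical.
// TLDs named in the summary that are also common file extensions.
const AMBIGUOUS_TLDS = new Set(["zip", "mov"]);

// Optional explicit scheme, dotted host ending in an alphabetic TLD, optional path.
// The lookbehind skips e-mail addresses and fragments of longer tokens.
const CANDIDATE =
  /(?<![@\w.\/:-])(https?:\/\/)?((?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+([a-z]{2,}))\b(\/[^\s<>"]*)?/gi;

const ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
function escapeHtml(s) {
  return s.replace(/[&<>"']/g, (c) => ESCAPES[c]);
}

// Decide what to do with one candidate token.
function classify(scheme, tld) {
  if (scheme) return "link"; // the author typed a full URL on purpose
  if (AMBIGUOUS_TLDS.has(tld.toLowerCase())) return "text"; // reads as a filename
  return "link";
}

function linkify(text) {
  let out = "";
  let last = 0;
  for (const m of text.matchAll(CANDIDATE)) {
    const [whole, scheme, , tld] = m;
    out += escapeHtml(text.slice(last, m.index));
    if (classify(scheme, tld) === "link") {
      const href = scheme ? whole : "https://" + whole;
      out += `<a href="${escapeHtml(href)}" rel="noopener noreferrer">${escapeHtml(whole)}</a>`;
    } else {
      out += escapeHtml(whole);
    }
    last = m.index + whole.length;
  }
  return out + escapeHtml(text.slice(last));
}

// Constructed sample message.
console.log(linkify("Docs at arstechnica.com, open setup.zip or https://example.zip/a"));
```
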
  • by Narcocide ( 102829 ) on Friday May 19, 2023 @12:28PM (#63535167) Homepage

    ... that Google would be trying to make a move to foster ambiguity in search results in order to profit by riding the coat-tails of dark patterns that feed criminal society?! I'm simply shocked! /sarcasm

  • by groobly ( 6155920 ) on Friday May 19, 2023 @12:32PM (#63535175)

    The whole top level domains thing is a bad idea. In the beginning, when it was only .com, .org, .edu, and .mil, it made some sense. But with a universal internet, the likelihood of name collisions makes it a really bad idea. Making more of them is an even badder idea.

    • uh, maybe .net was also in there in the beginning.

    • TLDs should at least make sense, perhaps be run by a country of origin. That way, we know that someone is coming from a specific geographic area. Let countries figure out their own TLD structure.

      I've not seen much good from some of the newer TLDs. Some actually jack the price up by traffic, so if one has a booming site, the renewal might go from $20 a year to a lot more. Even then, it is common for companies to blacklist the TLDs because they also tend to be origins for spam.

      • They should have always been only limited to country. Sure the internet is supposed to be location agnostic but it sure helps to know who or at least where you are dealing with. .com and .net are also stupid since most .net are no longer education or non commercial.
      • by mspohr ( 589790 )

        Unfortunately doesn't work that way.
        Tuvalu TLD .tv has been hijacked (commercially sold and corrupted) by... wait for it... TV

    • by SpzToid ( 869795 ) on Friday May 19, 2023 @01:15PM (#63535343)
      Obligatory XKCD #1963: Namespace Land Rush [explainxkcd.com]
  • Do we remember .com? (Score:5, Informative)

    by jellomizer ( 103300 ) on Friday May 19, 2023 @12:35PM (#63535187)

    For those who used DOS, in the days before Windows, as well as many other OSes that were DOS-like: the executable files were .com, and the MS-DOS prompt was run with the command.com file, which on the internet seems to lead to 3M Command tape.

    • by nuckfuts ( 690967 ) on Friday May 19, 2023 @12:48PM (#63535241)

      > For those who used DOS, in the days before Windows, as well as many other OSes that were DOS-like: the executable files were .com, and the MS-DOS prompt was run with the command.com file, which on the internet seems to lead to 3M Command tape.

      On a sidenote pertaining to companies like 3M and 3COM, the rules for DNS originally did not permit having a domain name starting with a number (like 3m.com). This was changed in RFC 1123 (October, 1989).

    • by MeNeXT ( 200840 )

      Remember? When was .com disabled in Windows?

      • by davidwr ( 791652 )

        Although there are a few files in Windows that are called ".com" (more.com for one), they are just .EXE-format files in disguise.

        The ".COM" executable file format used in DOS and carried over into some versions of Windows ended long ago.

        Wikipedia "COM file" snapshot [wikipedia.org]

        • by NFN_NLN ( 633283 )

          > they are just .EXE-format files in disguise.

          They are bastardized NOW, but originally .com files were completely different from .exe files.

          "Windows NT-based operating systems use the .com extension for a small number of commands carried over from MS-DOS days although they are in fact presently implemented as .exe files. The operating system will recognize the .exe file header and execute them correctly despite their technically incorrect .com extension. (In fact any .exe file can be renamed .com and st

      • by RitchCraft ( 6454710 ) on Friday May 19, 2023 @03:45PM (#63535739)

        The difference between a .COM file and .EXE file is the memory space they occupy. A .COM file can only be up to 64K in size (everything within a near jump). .EXE files can be larger than 64K. .COM files are not .EXE files in disguise as I saw someone else state.

    • by Osgeld ( 1900440 )

      just to be that guy

      .com - Command .exe - Executable

  • by david.emery ( 127135 ) on Friday May 19, 2023 @12:40PM (#63535211)

    For every legitimate use of a new TLD, I've seen 5-10 misuses. Can anyone argue that almost 1500 new TLDs is in any way a success for anyone other than scammers and domain registries?

    • It allowed me to finally have a 3 letter vanity domain name... (I am not a scammer, btw)

    • (Disclosure: Wife worked for Verisign and still owns some of their stock.)

    • by Reziac ( 43301 ) *

      It's a success if you can get large business to snatch up all the variant TLDs to prevent namesquatting thereupon...

  • Sure, we've had too many top-level gTLDs, but going ahead and making sensational accusations about weakening security, bla bla bla... could be said of all gTLDs that came before.

    People don't need a new gTLD to fall victim to scams.

    To give the argument that zip and mov are extensions is to ignore that com is an executable type too.

    • by MeNeXT ( 200840 )

      It was pointed out in the comments on Ars but it was downvoted. Why do applications create links in content that the author didn't include? It's one thing if the author put the full https://domain.tld/link than the software creating a link when someone is just talking about domain.tld.

      • I've seen WhatsApp turn a three-kisses signature into an unintended web link, for example with a message like this:

        See you tonight, ladies.xxx

    • You wouldn't go looking for a .com on a website to download and run a program. That would be insanity. But if you see a .zip on a forum post you'd expect it to be reasonably safe, but if instead it's a malicious website you have a potentially bigger problem. Sure, just because a URL says http://somewhere.com/somefile.... [somewhere.com] doesn't mean that's what you'll get any more than http://somewhere.com.somefile.... [somefile.zip] would be, but it's more effort to achieve that for the people loading malicious payloads into unsecured f

    • Comment removed based on user account deletion
  • Is there a .Wad?

  • Clickable links in email, or even HTML email? Not many like me who do txt email only.
  • by Dwedit ( 232252 ) on Friday May 19, 2023 @01:06PM (#63535305) Homepage

    Here is the file you requested: attachment.zip [attachment.zip]

  • by rossdee ( 243626 )

    Who owns ICANN these days?

  • ICANN gTLD process (Score:5, Insightful)

    by CommunityMember ( 6662188 ) on Friday May 19, 2023 @01:11PM (#63535327)
    Google may have proposed these names, but ICANN approved them following their processes. The time to make one's objections known was during ICANN's review period. Those with a strong opinion on gTLDs need to follow that process (as there will always be a next proposal).
    • Comment removed based on user account deletion
      • You missed the OP's point. The process has a specified period for complaints to be heard. That the "Internet Pushes Back" now is completely irrelevant. The internet is late, it dropped the ball, you don't get to complain about something after it is implemented if you didn't complain about it during the review period dedicated to soliciting your complaints.

        ICANN hasn't approved anything wrongly and followed the process. Google maybe should have known better than to apply for it, but in either case the ti

  • ".stfu" for Google critique sites.

  • The small business I admin for started receiving absurd amounts of spam from new TLDs. They couldn't afford any expensive spam mitigation hardware/software so I just set postfix up to reject any mail originating from something that isn't a traditional one. Spam was cut drastically and to date there have only been a couple of unfortunate incidents where legit emails went missing. But in all those cases they were from people we could speak to and I was told variations of "yes, everyone says our domain is a mi
  • In the 90s, we should have seen the problem and squished it entirely. The solution would have been to move .com, .edu, .mil, and even .net under .us. Then have everything use country codes. Sure, that's a pain for a few big multinational companies, but it would have been a lot cleaner than what we have now.

  • Google is doing this on purpose. The idiots at ICANN should be fired. Both of them KNOW the problems this is gonna cause.
  • "moving pictures and whatever moves you, and bowel movements"
  • Last night I got an email from my boss that to paraphrase said: "I sent this to the wrong person!", and sure enough another x@company.com was listed in the "to" field. I reminded my boss, for the Nth time, that if you used something like PGP to verify my identity, you'd stop making this same error, which honestly happens far too often.

    He's not an isolated case, or some outlier to take note of, he's an average, idiotic, simpleton! He treats email like most people do, never gives it a second thought, and
  • is not a damn URI

    who the hell parses that and turns it into a clickable HTTP URI?

  • Please download my secret stash of nude Natalie Portman pics from:

    hxxp://definitelynotmalware.zip

  • I'd note that those domains were approved by ICANN. If Google wasn't the registry for them, someone else would be. The domains are a problem but the blame lies with ICANN, not Google.

  • It'd be nice if some ISPs (and others) reached some kind of informal agreement to have their nameservers filter out most of the stupid new toplevels, maybe gave users a choice on the matter but defaulted to filtering, and we made sure that the usability of many of these things was not certain, in order to hamper adoption.
