• rayon@lemm.ee
      link
      fedilink
      arrow-up
      2
      ·
      edit-2
      1 year ago

      This should be ON by default, in my opinion. Also, I believe Mozilla has a massive opportunity here to demarcate themselves as the more security-conscious browser vendor. “This phishing trick works on all major browsers except Firefox” would be great publicity material.

        • rayon@lemm.ee
          link
          fedilink
          arrow-up
          2
          ·
          1 year ago

          That’s true. Also I guess domain names in most ideogram-based languages cannot be meaningfully converted to ASCII. The best detection method I’m aware of is detecting a mix of different alphabets in the domain, but I imagine even this has a lot of false positives

        • BurningnnTree
          link
          fedilink
          English
          arrow-up
          2
          ·
          1 year ago

          They could add some kind of warning message that notifies you when the URL has unicode in it. Then the user can decide if they want to disable the warning or not.

      • gnzl@nc.gnzl.cl
        link
        fedilink
        arrow-up
        1
        ·
        1 year ago

        Turning it on by default would be a massive disservice to the work that domain registries and registrars have been doing to allow Unicode to be used in domain names. In Spanish speaking countries the ñ character is pretty ubiquitous for example, and the workaround of replacing it with an n creates many problems like misdirected web traffic and typos in email addresses. Unicode in URLs and domain names is a feature, abuse should be attacked by means other than disabling it.

      • X3I@lemmy.x3i.tech
        link
        fedilink
        arrow-up
        1
        ·
        1 year ago

        Seems to be on by default in Librewolf(I just checked mine from the AUR on Arch), maybe consider that one!