Don’t blame phishing on IDNs

I received a friendly email from Twitter awhile back.

It was fake.

I (stupidly) clicked on the link and was greeted with a login page that looked very much like Twitter’s real login page at the time.

Here’s a screen grab (note the bogus address):

I mention this now because I keep coming across stories about how internationalized domain names (IDNs) may be inherently dangerous. That if you start allowing all these additional characters in domain names you’re going to see many more instances of phishing (or IDN spoofing or homograph attacks).

I don’t dispute that these attacks are happening and will continue to happen.

I just want to make the simple point that phishing has been alive and well with plain old ASCII characters.

Maybe IDNs, as they become more popular, will lead to more problems. They probably will. But we’ve had our fair share of phishing attacks with Latin-based characters and I don’t ever read an article or blog post suggesting we eliminate these characters from the DNS.

Risk is, unfortunately, a sad fact of life on this crazy world wide web. And, yes, there are  IDN scenarios (like mixed scripts) in which IDNs could present the “bad guys” with exciting possibilities. So far, these scenarios have been limited reasonably well.

The key is to minimize risks while still allowing people around the world to interact in their native languages.

IDNs, warts and all, are important to the future of the Internet.

 

Twitter’s multilingual error page

I’m not sure if Twitter has officially retired the “Fail Whale” landing page that we all grew accustomed to over the years.

But I recently came across a Twitter error page that did not include the whale, though did include a number of languages.

The page defaults to the user’s browser language, so I initially saw an error page in English.

Clicking on the language links in the footer quickly changes the language of the error page.

Shown here is German.

I’m assuming that English is the fallback language for instances in which the user’s browser is set to an unsupported languages (such as Swedish).

Over the past two years I’ve seen an increasing number of companies localize their error pages.

These details really matter.

Twitter launches translation crowdsourcing, again

Twitter went live with its newly updated translation center today. This is the second iteration of the platform; it first launched in October 2009, but was closed less than a year after for an overhaul.

I gave it a quick tour. A number of people were complaining (via Twitter naturally) about the slowness of the site. But it was fast enough on my end.

There are nine target languages as of today (six of which are already live). The three new languages are Indonesian, Russian, and Turkish. It’s fascinating to see Indonesian and Turkish as part of this first batch of languages — ahead of, say, Dutch or Swedish. Twitter is simply going where the users are — and Twitter is HUGE in Indonesia and Turkey.

Also, not surprisingly, Chinese is NOT on the list of target languages.

Overall, I liked the new design. The language translation interface is similar in many ways to Facebook’s UI. But what I found most intriguing (see above) as how the home page segments the text strings by platform (Android, Twitter.com, iPhone) as well as audience and content type (Business, Open Source, and Help).

If you’re wondering why Twitter.com text strings are handled differently than iPhone text strings, consider the platforms. On a PC, you have a good deal more real estate to work with. On a mobile device, you may only have a fraction of that real estate, which would require a much-shorter text string. So you could have the same message translated differently depending on the target device or application.

Finally, I thought I’d share the “opt in” text that Twitter presents potential volunteer translators. I like the fact that Twitter is up front with users in that they are giving away their time and text for free. Though I’m not sure how Twitter plans to enforce the confidentiality rule:

  • Since you’ll be helping out Twitter (thanks again!) we want to let you know our ground rules. Please read the full agreement below before continuing. Here are some of the things you can expect to see:
  • We may show you confidential, yet to be released products or features and you must be willing to keep those secret.
  • You’ll be volunteering to help out Twitter and will not be paid.
  • Twitter owns the rights to the translations you provide. You are giving them to us so that we can use them however we want. Among other things, Twitter plans to share the translations with the Twitter development community. We want to help make all of the other great Twitter apps, not just Twitter.com, available in your language.

Now that Twitter has its new platform, will it match the record set by Facebook awhile back — translating 70 languages in less than 18 months?

The Twitter Domain Rush: Don’t Get “Twit-jacked”

My previous post on Twitter got me thinking about what other companies had registered language-specific domains for their Twitter accounts.

Turns out, most companies haven’t even registered Twitter accounts for their primary brands.

Like who?

Apple, for one.

Here we have someone who apparently likes apples but isn’t Apple:

twitter_apple

It appear that Microsoft reserved its account early on, though nothing is there. Microsoft does have about a dozen Twitter accounts that do include content.

twitter_msft

Coke — someone who drinks Coke, but not the company.

twitter_coke

While Pepsi does have a Twitter account.

twitter_pepsi

The Wall Street Journal has an article out about this domain name rush.

So many questions come to mind:

  • Will Twitter enforce trademarks for valid holders? Usually, the WIPO does this with domain names, but this isn’t actually a domain name in the traditional sense.
  • What percentage of the millions of new Twitter accounts being registered every day simply squatters hoping to make a quick buck? That is, how much of Twitter’s growth actual growth?
  • And what about third-party domain marketplaces — will we see them emerge? Or will Twitter start its own marketplace?

In the meantime, if you’re thinking about reserving a Twitter domain, do it now before getting Twit-jacked…

Twitter and Web Globalization

icann_es

ICANN recently launched its own Twitter feed. And since ICANN is a global organization, it launched more than one language feed — one in English and one in Spanish.

http://twitter.com/icann_en

http://twitter.com/icann_es

This is not the most scalable solution. And I’m not trying to pick on Twitter; the issue effects any multinational company or organization.

For instance, let’s say ICANN launches a Portuguese feed for Brazil. The address would have to read twitter.com/icann_pt_br. Similar challenges arise with French (Canada vs. France). And even the English and Spanish feeds are inherently going to exclude various flavors of the languages.

In addition, if I were wanting to be a pain, I could register icann_ru to beat ICANN to that address. And this highlights a larger emerging issue (and opportunity) as Twitter becomes more corporate and less personal — how to ensure that brand holders have access to their names. I always thought this would be a nice revenue source for Twitter, similar to the way that registries profit from domain registrations.

Ideally, Twitter would allow you to set up one address and then forward language-specific feeds to the subscriber based on their preference — sort of like how language negotiation works now with Web browsers. For instance, if I type in Google.com, the language I get aligns with the language preference of my browser.

But therein lies the challenge of Twitter — it doesn’t just send feeds to a browser. It sends the feeds to browsers and mobile devices and even Twitter apps, like Tweetie, which I use on occasion.

ICANN is now migrating its subscribers from icann_en to icann. No word yet on what will happen with icann_es.

What do you think Twitter should do to solve this issue?