I Do Not Recommend Bitwarden

mesa@piefed.social · edit-2 2 days ago

I Do Not Recommend Bitwarden

ccunning@lemmy.world · edit-2 3 days ago

What’s with the sketchy domain name? Doesn’t really instill trust enough for me to click on let alone listen to their opinion.

ETA: TIL about punycode. Thanks all 🙏

Elvith Ma'for@feddit.org · 3 days ago

If the domain starts with xn- it’s a telltale sign, that it’s a punycode domain name. Read: it does contain characters that are not ASCII characters. This is done as domains need to be ASCII only. The format of these domains is usually xn--allASCIIcharacters-allNonASCIIcharactersEncoded.tld. Example: täst.com is xn--tst-qla.com.

If you manually type such a domain (containing characters like äöüéèçč…), many browsers will still display what you entered, but convert the domain into punycode in the background before connecting.

You can decode the domain of this post and it results in マリウス.com.

MonkderVierte@lemmy.zip · 3 days ago

This is done as domains need to be ASCII only

They don’t need to, but a punycode-attack is done by using a letter of another language that looks almost identical. I think you still have to actively enable the defense against it (some about:config setting), the poster did.

Elvith Ma'for@feddit.org · 2 days ago

DNS is ASCII only and so this conversion is done. It is not needed to display the “technical” domain name that results when you enter a domain name with non ASCII chars in apps, but yes, this prevents character confusion.

https://en.wikipedia.org/wiki/Internationalized_domain_name

In the Domain Name System, these domains use an ASCII representation consisting of the prefix xn-- followed by the Punycode translation of the Unicode representation of the language-specific alphabet or script glyphs. For example, the Cyrillic name of Russia’s IDN ccTLD is рф. In Punycode representation, this is p1ai, and its DNS name is xn--p1ai.

MonkderVierte@lemmy.zip · 1 day ago

TIL, thanks!

YoFrodo@lemmy.world · 3 days ago

Thats interesting! And my translation addon says it translates to “Marius”

Glitchvid@lemmy.world · 3 days ago

It’s just a punycode domain, it ought be rendered in Japanese:

マリウス.com

Edit: I swear those replies weren’t there when I typed mine.

Célia@lemmy.blahaj.zone · 3 days ago

This is puny code, and allows for non ascii characters to be used as a domain name. Your lemmy client probably does not convert it to unicode and displays it as a random looking text https://en.wikipedia.org/wiki/Punycode

TerHu@lemmy.dbzer0.com · 2 days ago

they even have a blog post telling you to never click domains that look like the domain of the blog :D