Twitter’s “paranoid” scam and what it tells us about trust and domain names

So….. Gotten any direct messages on Twitter from me? If so, sorry. I was stupid and clicked a link I should not have.

In fact, the NZ Herald is reporting that Twitter “shut down” a scam meant to appeal to our paranoia – or in my case, irritated curiosity. Same difference, I suppose. The body of the messages says something to the effect of “Have you seen what this person is saying about you?” and includes a link. The link goes to some sort of application that presumably leeches your follower list and then spoofs your name in yet another direct message. And the cycle continues….

I’m as embarrassed as hell of course. I’ve only been telling people not to fall for this type of shit for over a decade, now. And I went ahead and fell for it. Mea culpa: I was stupid.

But here’s the *big* problem: since all of Twitter’s links are converted over to their new domain, one link looks precisely the same as the next. There isn’t necessarily any way to tell a good link from bad.

On top of it being an unsafe situation for users, this also raises the responsibility level of Twitter for the content provided on their system.

But setting aside Twitter’s admittedly short-term troubles, this does sort of point out one of the major problems with the custom TLD system recently approved by ICANN. Ok, I know I just hit you with a ton of tech stuff. What do I mean?

Top Level Domains are like the .com, .net, .org that appear on the ends of web addresses. TLDs have previously been restricted to a very few choices, mostly the most common ones listed above and country-based TLDs like .uk. ICANN is the body responsible for governing the provision of those names – if you bought a new domain name, you registered it with them, knowingly or not.

The new system allows virtually limitless TLDs, so the Coca-Cola Company could own domain.coke if they wanted to.

The trouble with this new system, from a security standpoint, is that while only I can own, someone else could own dragonflyeye.nett. How would you know you’re clicking a link to my website unless you read very, very carefully?

The chaos, the phishing, the identity theft possibilities leave me speechless. And this one minor annoyance really should make people wonder: where is the trust in the new era of limitless domain names?


Another TLD, Another Cybersquatting Story

Technically speaking, cybersquatting is illegal. Practically speaking, it’s an impossible-to-prevent form of extortion. This story comes to us via @gtconboy

Cybersquatting refers to the process of buying up domain names that suggest someone else’s name, most profitably registered trademark names, in order to sell the domain to that named entity for a profit. For example, when the Internet was really taking off in the late 90’s, profiteers bought up names like or

Now two big moves by ICANN (International Corporation for Assigned Names and Numbers, the folks who manage domain names) are sure to raise the spectre of cybersquatting to a whole new level. First, the adult site Top Level Domain .xxx is due to go live, ushering in a land rush. And second, ICANN plans to allow organizations to create their own TLDs:

Businesses in U.S. complain of .xxx shakedown | Reuters.

I’ve looked into a .xxx domain recently (because who doesn’t want to see a pasty-white blogger naked?) and was shocked to discover the domain names on that TLD are going for $100 a pop. Not really in the works for a small-timer like me. But it really isn’t that big of a deal for multi-billion dollar companies such as the ones named in the article. I work for a company with literally hundreds of trademarked product names as domain names.

This is all just part of the world we live in. Get a helmet.