Twitter’s “paranoid” scam and what it tells us about trust and domain names

So… Gotten any direct messages on Twitter from me? If so, sorry. I was stupid and clicked a link I should not have.

In fact, the NZ Herald is reporting that Twitter “shut down” a scam meant to appeal to our paranoia – or in my case, irritated curiosity. Same difference, I suppose. The body of the messages says something to the effect of “Have you seen what this person is saying about you?” and includes a link. The link goes to some sort of application that presumably leeches your follower list and then spoofs your name in yet another direct message. And the cycle continues….

I’m as embarrassed as hell of course. I’ve only been telling people not to fall for this type of shit for over a decade, now. And I went ahead and fell for it. Mea culpa: I was stupid.

But here’s the *big* problem: since all of Twitter’s links are converted over to their new t.co domain, one link looks precisely the same as the next. There isn’t necessarily any way to tell a good link from bad.

On top of it being an unsafe situation for users, this also raises the responsibility level of Twitter for the content provided on their system.

But setting aside Twitter’s admittedly short-term troubles, this does sort of point out one of the major problems with the custom TLD system recently approved by ICANN. Ok, I know I just hit you with a ton of tech stuff. What do I mean?

Top Level Domains are like the .com, .net, .org that appear on the ends of web addresses. TLDs have previously been restricted to a very few choices, mostly the most common ones listed above and country-based TLDs like .uk. ICANN is the body responsible for governing the provision of those names – if you bought a new domain name, you registered it with them, knowingly or not.

The new system allows virtually limitless TLDs, so the Coca-Cola Company could own domain.coke if they wanted to.

The trouble with this new system, from a security standpoint, is that while only I can own dragonflyeye.net, someone else could own dragonflyeye.nett. How would you know you’re clicking a link to my website unless you read very, very carefully?
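A defender does not have to rely on careful reading to catch a near miss like dragonflyeye.nett. The sketch below is an added example, not code from this post or from Twitter: it compares a link's hostname against a constructed allowlist using edit distance, and the names `TRUSTED`, `base_domain` and `classify` are hypothetical.

```python
# Added example: flag hostnames that are near misses of a trusted domain.
TRUSTED = {"dragonflyeye.net", "twitter.com"}  # constructed allowlist


def edit_distance(a, b):
    """Optimal-string-alignment distance: insert, delete, substitute,
    or swap two adjacent characters, each costing 1."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            d = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Adjacent transposition, e.g. ".net" typed as ".ent".
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                d = min(d, prev2[j - 2] + 1)
            cur.append(d)
        prev2, prev = prev, cur
    return prev[-1]


def base_domain(host):
    """Lowercase, drop a trailing dot, keep the last two labels.
    Assumption: two labels approximate the registered name; a real
    deployment would consult the Public Suffix List (e.g. for .co.uk)."""
    labels = host.strip().rstrip(".").lower().split(".")
    return ".".join(labels[-2:])


def classify(host, trusted=TRUSTED, max_distance=2):
    """Return ("trusted", name), ("lookalike", nearest) or ("unknown", None)."""
    name = base_domain(host)
    if name in trusted:
        return ("trusted", name)
    nearest = min(trusted, key=lambda t: (edit_distance(name, t), t))
    if edit_distance(name, nearest) <= max_distance:
        return ("lookalike", nearest)
    return ("unknown", None)


if __name__ == "__main__":
    # Constructed sample hostnames.
    for h in ["www.dragonflyeye.net", "dragonflyeye.nett",
              "dragonflyeye.ent", "twiter.com", "example.org"]:
        print(f"{h:24} {classify(h)}")
```

The check only helps once the real destination is known, so a shortened link has to be expanded to its target hostname before it is classified.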

The chaos, the phishing, the identity theft possibilities leave me speechless. And this one minor annoyance really should make people wonder: where is the trust in the new era of limitless domain names?