Hacker News new | past | comments | ask | show | jobs | submit login

...and I'm not sure Google has claimed any different. Just that HSTS enforced on the TLD level is more secure than otherwise, which it is.

Because telling my grandma ".app urls are safer because Google" is like saying "here's a loaded handgun, but the safety is on, go nuts!"

actually that's a bad example because even then my grandma knows to be careful. but she's tech illiterate enough that if she hears something is "safer" she will put blind faith in it.

This isn't an issue for me and you, the readers of HN, this is an issue for Jane Doe, who already has low standards, and is now going to lower those standards even further for a set of websites.

Jane Doe is not reading the Google Blog. The article is directed at developers.

When grandparents start seeing .app urls, they are going to be naturally wary. And they might even avoid clicking them. Then someone is going to ask about them to someone who is only partially tech savvy.

And that someone will tell them that those are safer URLs. And that gets misinterpreted and soon you have people saying they are special approved by google URLs that are guaranteed to be safe.

Regardless of who the article is for, tech illiterate people are going to ask "what is this new URL thing, and should I trust it?"

I don't see what's so difficult about explaining this to your grandpa:

"What's .app?"

"it's like .com or .org, don't worry about it"

That is exactly what I would do. The issue arises when some semi-technical person reads this blog and their response is:

"it's like .com or .org, but it has some stuff in there to make it more secure, and it's managed by Google"

I'm also not the only person my grandparents get to ask about things.

I'm not saying this is all a bad thing. Just that we should be aware that giving things a little security can make people more careless.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact