Hacker News new | past | comments | ask | show | jobs | submit login

> While I can see the anti-phishing advantages of emphasizing the domain

I don't even think it would help there. In fact, I think this would help fraudsters. If I think about the various scam attempts on steam for example.

They direct you to a url like www.stempowered.com/q?phishlogin=true or something.

Knowing that a correct steam url would never have this sort of thing in its url would be the first thing to notice if you were already duped into clicking on a link that lead to the above url.

If the browser then only displays "stempowered.com", it would be way more difficult to notice you are on a phishing site. Just because you didn't notice the missing "a". And let's face it. The average consumer/user does not go and verify any certificates.




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: