96.5% of confusables.txt from Unicode is not high-risk
5 points by abareplace
I think this uses too narrow a view of what "confusable" means. Attackers are even exploiting .cam versions of .com domains.
Yeah, I thought the same. Even if the difference between characters is visible, it may be non-evident in smaller font sizes. It's still interesting research, though.
I'm not really dissing the methodology, it is interesting from a technical standpoint. But as alluded to by grandparent comment, the targets for these sorts of scams aren't eagle-eyed typeface connoisseurs but harried crypto owners and old age pensioners with declining eyesight.
Continuation of submission discussed in
https://lobste.rs/s/xlgbrz/confusables_txt_nfkc_disagree_on_31
I don't believe relying on typeface differences is enough. Areas where there are dangers of confusing Latin characters (ASCII) with Unicode lookalikes should implement systems which display any character not expected to be ASCII with a differing rendering or color. These areas include browser address bars, moderation systems, etc.
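
Added example, not part of the thread: a minimal Python sketch of the "render non-ASCII differently" idea from the last comment, applied to a hostname. The function names, the bracket markup and the sample hostnames are assumptions made for illustration; Punycode (`xn--`) labels are decoded first so the flagged characters are the ones a user would actually see.

```python
import unicodedata


def decode_label(label):
    """Decode one DNS label; Punycode (xn--) labels become their Unicode form."""
    if label.lower().startswith("xn--"):
        try:
            return label[4:].encode("ascii").decode("punycode")
        except UnicodeError:
            return label  # malformed Punycode: show the label as received
    return label


def flag_non_ascii(host):
    """Return (marked-up host, list of flagged code points).

    Every character outside ASCII is replaced by a bracketed tag with its
    code point and Unicode name, so it cannot pass as a Latin letter.
    """
    flagged = []
    marked_labels = []
    for label in host.split("."):
        marked = []
        for ch in decode_label(label):
            if ord(ch) < 128:
                marked.append(ch)
            else:
                tag = "U+%04X %s" % (ord(ch), unicodedata.name(ch, "UNNAMED"))
                flagged.append(tag)
                marked.append("[" + tag + "]")
        marked_labels.append("".join(marked))
    return ".".join(marked_labels), flagged


if __name__ == "__main__":
    # Constructed samples: Cyrillic U+0430 in place of Latin "a", the same
    # name in its ASCII-compatible encoding, and an all-ASCII lookalike TLD.
    spoofed = "\u0430pple.com"
    for host in (spoofed, spoofed.encode("idna").decode("ascii"), "example.cam"):
        marked, flagged = flag_non_ascii(host)
        print(marked, "| flagged:", len(flagged))
```

An all-ASCII lookalike such as the `.cam` case raised earlier in the thread comes back with nothing flagged, so this kind of marking covers only the Unicode side of the problem.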