Hacker News new | ask | show | jobs
by dwild 2514 days ago
> seeing the domain and nothing else likely improves security

By hiding between 1 to 3 letters?

It seems much more secure to do it like Firefox using grey for the unimportant part and black for the important part.

If anything, if "m" is hijacked (by a feature actually to use subdomains), it's less secure because now he thinks he is somewhere that he isn't.
1 comments
EpicEng 2513 days ago
It's not always 1-3 characters. google-payments.sbc.net for example. For the third time, I'm not arguing in favor of Google's implementation. What I'm saying is that this has nothing to do with Google being out of touch with users as the GP suggests.
link
dwild 2513 days ago
> It's not always 1-3 characters. google-payments.sbc.net for example.

It will consider google-payments as being trivial and hide it? I may have misunderstood something, the article mentions clearly only "www" and "m" and if anything it made me read more and it seems like they no longer hide "m" (which make it much better because now the only mistake can be made only between www and without it, which should be quite rare).

> What I'm saying is that this has nothing to do with Google being out of touch with users as the GP suggests.

You said that:

> seeing the domain and nothing else likely improves security

Sorry but you are arguing that it will improve security. I'm asking you to prove that it does improve security.

I'm not arguing whether it's in touch or not with their users, it's meaningless, security is not an esthetical choice.

link
EpicEng 2513 days ago
>Sorry but you are arguing that it will improve security. I'm asking you to prove that it does improve security

My opinion on that bit isn't cemented in yet (why I used "likely"), but people are fooled by real-sounding domain names. They don't know what TLS is and they don't know what the prefix is, but they do know the difference between "google.com" and "avs.net".

link
dwild 2513 days ago
> They don't know what TLS is and they don't know what the prefix is, but they do know the difference between "google.com" and "avs.net".

Sure but hiding www won't make google.com or avs.net more obvious.

This is an example that I wrote in another comment.

    Before the change: www.google.com
    After the change: google.com

    Before the change: google-secure-payments.google.via.net
    After the change: google-secure-payments.google.via.net
In the past, I guess the second URL would have included www at the beginning.

The dangerous one didn't change... the not dangerous one did change but doesn't matter really. They are just as similar.

link