[jeroenhd]

> Companies register all kinds of crazy domains and redirect you through them all the time

That's the real problem with domain trust these days. Companies go out of their way to make sure you know to only visit official links, and then do stupid stuff like buying vanity domains for one-time deals, or make you click through mailchimp tracking URLs because marketing tracking is more important than your customers falling for phishing. Those vanity domains then end up expiring, and now emails and web links that used to go to an official $brand server are all ready to be swooped up by scammers. Customers never stood a chance.

This isn't a TLD problem. It's a shitty company problem.

[marxisttemp]

I wholeheartedly agree. Subdomains exist for a reason. Vanity domains are so incredibly sloppy and unserious.

Another issue is that they can make password management more of a chore. Every time I need to look up my Microsoft login, I have to remember to actually look up “live.com”. Except sometimes the login page is served from “microsoft.com”. Oops, you forgot your password and reset it; now your password for the other domain is out of date. Utterly ridiculous behavior from a company of their stature.

[xelamonster]

This made me think I'd somehow not saved my MS password because it wouldn't show up if you searched "microsoft". I know you can combine them like the other comment mentioned but what an awful default experience.

[nemomarx]

bitwarden can list multiple domains in one entry for a password - it might be good to find out if you're manager can do that and merge some?

[mh-]

1Password too. This is a must-have feature for me.

[callalex]

That seems like the textbook definition of a bandaid solution. Does that even work for the new hotness, passkeys?

[marxisttemp]

iCloud Keychain can too, and I’ve already done that. It’s still an annoying and pointless extra step.

[zokier]

There is no domain trust problem, because there is no trust to be had on domains.

[immibis]

do you trust that you are on Hacker News right now?

[zokier]

What I meant was that you can not put any trust in the contents of DNS labels, they should be handled as opaque blob-like identifiers. The only meaningful thing you can do with domain name is to compare it's labels to some reference.

So no, I don't trust that I'm on HN because of I put any trust in the domain "news.ycombinator.com" signifying anything. I only trust that I'm on same HN that I was on yesterday because the domain matches exactly the reference value. But the domain name could be anything, as long as it is stable.

[mindcrime]

Maybe it would be better to say "there is no inherent trust on domains". I trust HN today because I was on HN yesterday, and the day before, and last year, and 10 years ago, etc., and it's always been trustworthy (so far as I know).

But if I saw a link tomorrow for hackernews.shop and I went there, I'd be very suspicious.

[motorest]

> do you trust that you are on Hacker News right now?

Is Hacker News asking for my credit card or impersonating any other site?

[bdangubic]

where am I…??

[Symbiote]

A little searching shows Dell have dell.to, used as a link shortener, even though Dell has little business in Tonga.