Hacker News new | past | comments | ask | show | jobs | submit login

It’s so confusing (and could lead to security issues) for Apple to use .apple TLD

It’s super easy for someone to get confused between example.apple and example.app/le (since both .apple and .app are TLDs)

They did this with music first, now this.

https://learn.applemusic.apple/apple-music-classical

(And it’s further confusing because sometime .apple redirects to .com)

What’s the logic Apple uses to decide between .com or .apple TLD usage?




> It’s so confusing (and could lead to security issues) for Apple to use .apple TLD

Rest assured - anything under .apple brand TLD is Apple's.

https://www.apple.com/legal/intellectual-property/tld/regist...


.app/e or .app/le are not but look quite similar.


Don't most (and possibly all popular) browsers these days hide or de-emphasize the path in the address bar, showing only the domain?


the full host, including subdomains.


In my URL bar, .apple is bold and bright white, the /le on .app/le is grey and faded.

With modern browsers, I don't think this is a problem anymore. Subdomain attacks and query length attacks have already made browsers put address shenanigans mitigations into the address bar.


According to [1], this is already possible with more than 30 TLDs: .silk (.si is a TLD), .google (.goog is one as well), .college (.co), .calvinklein and .cal (.ca), .gallery and .gal (.ga), .select (.se), .afl, .aol, .srl, .delivery, etc.

[1]: https://data.iana.org/TLD/tlds-alpha-by-domain.txt


Both chrome and firefox make it very clear what the domain is in all of these cases.

I don't recall the last time I saw a spam/phishing attempt that was this sophisticated ... mostly they are things like www.apple-support.com which is ironically for sale right now.




Join us for AI Startup School this June 16-17 in San Francisco!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: