People thought .dev was safe until it wasn't. Bear in mind they can still do som... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		ocdtrekkie on Jan 27, 2024 \| parent \| context \| favorite \| on: Proposed top-level domain string for private use: ... People thought .dev was safe until it wasn't. Bear in mind they can still do something like "enroll all of .int in HSTS preload" (like was done for .dev), and suddenly your browsers will permanently refuse to load any of your internal sites.

yrro on Jan 27, 2024 [–]

No one competent would ever have thought dev. was safe. It's quite simple: if you don't own the domain, or it hasn't been reserved (e.g., home.arpa.), don't use it!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact