It's always amazed me that ID.me, which you have to use in order to interact w/ the IRS online these days, has a top-level domain from the country of Montenegro. uBlock Origin says they're injecting tracking links from Italy's TLD when you log in at the irs.gov website.

What's next? Cookies from Colombia? AI from Anguilla?

To be clear, I have nothing against private companies or citizens using whatever TLD they want. But we need to stop doing this on important .gov stuff. And I would consider the IRS to easily qualify there.

How about this? Lawmakers pass a law (gasp!) that says if you're a private company providing services to the entire populace on behalf of .gov, your site will use com/net/org only when it is interacting with the government. Full stop.

Probably even the extreme wingnuts in the GOP could get behind this, in a kind of "buy American" way.

@briankrebs What about appropriate country TLDs? (ie, .us for companies providing services to US government + people)

@max No way in hell I would encourage the further use of .us until someone in charge at the GSA or whatever started giving a damn about how the tld is completely overrun with abuse, phishing and spam domains -- in near total contravention to the tld's charter, I might add.

https://krebsonsecurity.com/2023/09/why-is-us-being-used-to-phish-so-many-of-us/

Why is .US Being Used to Phish So Many of Us? – Krebs on Security

@briankrebs name one representative that you're confident you'd be able to pitch this to
@grumpasaurus You mean Rep., not Senator?
@briankrebs yeah. A representative. But then again how many bills are drafted by lobbyists and just signed by representatives
@grumpasaurus I'm gonna need a minute, lol
@briankrebs oh man don't put effort into this that would make me feel bad
@briankrebs I like this, but there might need to be some kind of domain registration price regulation included too.
@briankrebs
No, make them use .gov for their gov operations. Or something restricted like edu.
@briankrebs So you basically say governments may not use an external mail/mail-tracking service like Mailchimp, Postmark (what this is) and so on. Not that I am on the other side, but how should a normal user (the staff at that government) know what's going on behind the scenes? They just use the typical plugin.

@briankrebs It really should. This is how most scams in third-world countries start: SMSes like "Click on this link to pay your tax/insurance", where the link is to some xyz@shop, xyz@corner or xyz@taxoffice site.

Make it a law sooooon, Like before some foreign lobby gets to the GOP wingnuts.

@briankrebs I assume you're half-joking.

But in case not, this will never happen. While those three registry operations are all US-controlled companies, two of them being Verisign, there are numerous registrars for those TLDs located all over the world. Do you also stipulate US-only registrars too? Which ones, if so?

Then what about all the other TLDs that are effectively in US control? Any of those OK? Why or why not?

How does this square with all the other goods that may not be entirely US-sourced? Placing a name under a certain TLD has potential consequences, and some are potentially problematic, but it may be a lot more complicated than that.

@jtk @briankrebs I don't think it's a matter of controlling com/net/org from non-US organizations.

If you register a domain in another country's TLD, that country or contractor who runs the registry, can invalidate your domain. Or change SOA and publish different DNS records.

Case in point: gay[.]af Mastodon instance was taken offline when Afghanistan decided the content offended their sensitivities.

Also, com/net/org are less likely to get filtered. For a while, you couldn't send a text message to iPhone users if a domain under *.me was included. Some strange filter.

@jtk Why would you assume that? I guess I'm less interested in the fairness arguments, or the globalist view here.
@briankrebs I can see it now, generic system services company has to buy .us, .ie, .uk, .es, .ca, .de, .fr, etc, and use the correct domain for each country. (.com is also banned in the EU for being under US control)

@briankrebs
The nontrivial factor which I know you're aware of but should really be mentioned, is link rot.

Sure, it's not a problem....right now. But in 5 years, if that company goes under and another one moves in, even with 3 years time warning ahead, some random person finds an old document via a search engine that talks about this URL. If it's a .gov address, no prob, 301. But what if it's a domain you just...don't control anymore?

@briankrebs Domains are one thing; let's not forget it should also be fully hosted on US soil.

We don't seem to have this problem in Canada, but the last big online platform to roll out in Quebec was a monumental fiasco. It also took me a while to even get access, as the 2FA emails they send have a text version that has the expected message but a placeholder for the code! I eventually realized I could get it in the HTML version of the email...