LWN.net Logo

Advertisement

Writers Wanted

Front, Kernel, Security, Distributions, Development. See your byline here on LWN.net.

Advertise here

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

Linux support for ARM big.LITTLE

LWN.net Weekly Edition for February 9, 2012

XBMC 11 "Eden"

LWN.net Weekly Edition for February 2, 2012

A tempest in a toybox

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Avoid broken fonts

Avoid broken fonts

Posted Feb 22, 2005 9:36 UTC (Tue) by eru (subscriber, #2753)
In reply to: New IDN Homograph Spoofing Response: IDN Will Not Be Disabled (MozillaZine) by ekj
Parent article: New IDN Homograph Spoofing Response: IDN Will Not Be Disabled (MozillaZine)

In lots of fonts it is very hard (or impossible) to see the difference between l (small L) and I (capital i) paypal paypaI, would *your* grandmother notice ?

But such fonts are seriously broken, at least for all applications that require accurate information to be conveyed.

It would not be too hard to require that the URL entry field and the status bar must use only fonts where different letters of the alphabet are clearly distinguishable. That does not mean going to monospaced typewriter fonts. Most of the problem goes away by just avoiding sans serif fonts.

(Log in to post comments)

Avoid broken fonts

Posted Feb 22, 2005 16:47 UTC (Tue) by Max.Hyre (subscriber, #1054) [Link]

Most of the problem goes away by just avoiding sans serif fonts

I fear there speaks insufficient examination of other scripts.

Even in Latin, serif, fonts, we're still stuck with letter `O' vs. digit `0', and letter `l' vs. digit `1'. What is ``sans-serif'' in Hindi? Japanese?

Having no ablilty to read non-Latin languages, I've nonetheless seen a number of them (Hebrew, Arabic, Thai, Japanese, &c.) and I strongly suspect they have their own problems of this nature, and probably a number of different ones, to boot.

Avoid broken fonts

Posted Feb 23, 2005 8:45 UTC (Wed) by eru (subscriber, #2753) [Link]

I fear there speaks insufficient examination of other scripts.

Even in Latin, serif, fonts, we're still stuck with letter `O' vs. digit `0', and letter `l' vs. digit `1'.

Note I wrote "most of the problem", not "the entire problem"! Anyway, in the font I am now reading your message in (Times New Roman), letter `O' and digit `0' are clearly different. `l' and `1' could be confused, although there is some difference. Well, the font could be improved. I remember seeing old Telex machines where the font was specially designed to make `l' different, with a small hook at the bottom.

(Reminds me of my father's old mechanical typewriter that actually took advantage of the similarity of `l' and `1': there was no separate key for "one"!)

What is ``sans-serif'' in Hindi? Japanese?

I don't know. The concept probably makes no sense in scripts that belong to other cultures than Western European. However, there are different fonts being used for these scripts. Even not knowing Hindi or Japanese, I can sense the differences.

Some fonts for these languages are no doubt less prone to homographs than others, so a similar solution is likely to be applicable: Pick fonts where the characters are maximally different for applications where URLs are entered or displayed for the user's verification.

Copyright © 2012, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds