I agree with the point of 'doesn't mean credible', but the traditional TLDs of .com/.net/.org are also much better recognized as an actual TLD.
If I start a new taco truck company and put "burrito.services" or "burrito.catering" or "burrito.ai" in a huge font on the side of the trucks, a fairly large number of people aren't going to immediately recognize that as a web site address.
On the other hand, if I'm lucky enough to get the domain burrito.net , most people will recognize that as something they can type into a web browser address bar.
> If I start a new taco truck company and put "burrito.services" or "burrito.catering" or "burrito.ai" in a huge font on the side of the trucks, a fairly large number of people aren't going to immediately recognize that as a web site address.
A pretty good percentage of people are just going to remember it as burrito.com. Alternate TLDs are fine for clickable media, but fall apart in print form.
I'm pretty sure this is why (in the US at least) we end up with online gambling sites located at .com addresses with "free" counterparts at .net addresses. You can advertise the free .net sites because they're not gambling with money, but people typing the addresses in simply go to the .com versions.
Fascinating! I'd never noticed this before. Normal television is dominated by those free-to-play gambling sites, and as you mentioned overwhelmingly they seem to use .net. I always wondered how they made money.
Certainly, though the trend for printing vehicles, business cards, letterheads, outdoor advertising signs and such seems to be to omit the "http(s)://" or "www"... Since in real world use almost nobody is actually typing the http:// into the browser anymore, as might have been necessary when we were running Netscape Navigator in 1999.
> As early as 1996 browsers were already inserting the http:// and www. for users automatically (rendering any advertisement which still contains them truly ridiculous).
That, and in a typical virtualhost based http/https setup now, it's standard DNS configuration to point the A record for the 'root' of the domain (domainname.com) to the same IP address as the www.domainname.com DNS record.
> Well, unless you put "http(s)://" in front of it.
Go with "https://www.burrito.services/" and make it blue and underlined, just to be safe. I'm kind of kidding, but I also kind of suspect the blue font and underline would probably be more immediately recognizable for many people than the HTTPS protocol prefix.
That actually strikes me as anachronistic, because it became popular to drop "www" (not only in print media, but also in the canonical FQDN) well before these sort of TLDs became available.
Also correct, though using my example and weird new TLDs, let's say in a theoretical example I see a bus stop outdoor advertising board on the street that says:
"BURRITO.CONSULTING"
I'm going to think, "uhhh, is that a website? Well, I recognize .consulting as a TLD. I guess it must be. But that's weird..."
but then if i see the same sign
"WWW.BURRITO.CONSULTING"
I'm going to think: "Well that's definitely somebody's website, but what a weird and anachronistic way of printing it, and why is it using one of those new long generic TLDs anyways..."
Yes, 'www.burrito.consulting' looks akward, but most people born after 1960 will recognize it as the URL for a web site.
People outside tech generally don't realise that domain.tld and www.domain.tld are two separate hostnames, and adding www. makes it much more recognizable to the general public.
Exactly. There is plenty of discussion to be found online in techie circles, but in short, if you’re going to use a naked domain to host your website, at least redirect www to it.
Lazy? Running without www can actually be a decent amount of work:
1. Avoiding the relatively common pairing of {a host whose IP address changes without warning so you need to CNAME it; a DNS provider that doesn't offer CNAME flattening a.k.a. ALIAS a.k.a. ANAME}.
2. Scoping session cookies so user agents don't also send them to your subdomains.
I think none of http, www or .com actually work anymore for all audiencies. What I see more often is stuff like "<instagram logo> @burrito_catering" or "<facebook logo> burrito_catering".
It is interesting to see the same signs and logos on non-north american businesses where much the same approach has been adopted for GFW-compliant things within China, where a retail store might have some nice glossy logos for alipay, wechat pay, weibo and qq
I think that's a good thing. There should not be an unmitigated explosion of TLDs. A few will pop up that appeal to lots of users, say .taco, and the .com monoculture can be split into a manageable number of TLDs.
Humanity is great at this stuff. Natural language is enervated with side channels everywhere. At some point, people may converge on "what a TLD looks like" and new TLDs will often have an ineffable TLD-ness about them.
I think the reverse is going to happen. In the search for short, expressive names more TLDs are going to proliferate, so eventually many common words will become TLDs. It will be hard to know what is a TLD, except for a few old, well-known ones, like .com, .org, .net, etc.
I think those custom TLDs will work just fine. It might confuse customers a bit, but most of them will just type "burrito.catering" in Google and miraculously reach the correct website anyway.
EDIT: In case it's not obvious, the fact is that most people don't type the website address in the URL bar. They type it in the Google search bar.
Most people don't even know that .catering is a domain name, so they might not recognize it as an actual website... burrito-catering.com would be much better imho
Also, a weird TLD like ".catering" usually means you're trying to use a generic word in the domain name, "burrito" in this case, which makes it even harder to remember than something more unique + ".com".
The effect is that people have to now remember two generic dictionary words. "burrito" and ".catering", or wait, wasn't it "tacos" and ".food" or something? And like you said, I'm sure most people don't even recognize that ".catering" is a TLD, whatever that is, and the domain name just looks like `<genericword>.<genericword>` making it all the more confusing and arbitrary.
It's like having to remember where the periods went in "del.icio.us" and, if you couldn't, googling "delicious" (until it caught on) was incredibly unhelpful. Just like googling "burrito catering" doesn't necessarily take you to "https://burrito.catering".
I think even a random brand name + ".com" is still preferable to most of these new TLDs.
Even then, you've got a large SEO and trademark barrier. Can you out-rank Qdoba for the words "burrito" and "catering"? If you do, can you use your trademark recognition to fend off competitors at better-burrito-catering.com?
Like Qdoba, choose something unique. The domain caterrito.com is a little overspecific, but memorable, unique, easily trademarked, and available.
I think there's a problem worth solving here. With the DNS, people didn't have to bother remembering IP addresses or even know what they mean. With search engines, people no longer have to bother remember URLs or even know what they mean. That's a good thing, IMHO.
All we need now is to create a syntax for "internet identifiers" which is instantly recognizable as such. Enter ... drumroll ... @burrito.catering?
The choice of generic words like "burrito" and "catering" is a marketing decision. The original example was mostly a placeholder.
If I tell my mother to go to a specific website (example.com), she will go to google.com, wait for the page to load, then type the website into the search box and semi-randomly click a result, which isn't always the correct one. I've explained to her that if she has a web address, she can skip the googling step, but she doesn't seem to get it.
I've also tried explaining to her that the address box doubles as a search box, but she still goes to google.com to search. ¯\_(ツ)_/¯
I had a similar experience with a side project. I used an .app tld since it was available and, hey, it seemed kind of cool. Then I told my friends and they were totally confused- “your apps not on the App Store?”
I own a .app domain and in naming a folder on my Mac that I lost the ability to open the folder in Finder. Cracked me up and outside of the terminal I could find no solution.
This is good to note. I remember I was trying to hit return to rename it and that would just open it. I was probably tired because I felt so flabbergasted! It looks like you can rename from right click too. Not sure how I missed that
How about putting a Chrome icon next to 'burrito.catering' as if it were a social network? The implications are awful but the results might be effective
I fear we are going that way. It's already become almost a default industry standard for a lot of retail customer facing things to have the trifecta of nicely rendered, equally sized icons for facebook, instagram and twitter next to their brand name.
If your engagement strategy relies on users typing in your domain name you need to sue whatever time displaced guru faxed you their internet marketing manual
Not my point at all, rather, that a well chosen domain name that's immediately recognizable as such, and a part of the corporate identity and trademarks, is an essential part of having an Internet presence.
Also ultimately your domain name and wherever its MX record points to is the start of authority for setting up official business accounts with all of the popular social media promotion channels (you sure aren't letting your social media people run the company instagram page from an account linked to their personal gmail accounts, are you?)
By no means would I say that people should ignore all the other ways of driving traffic to a company's online marketing presence, via all other modern means of social media (instagram, tiktok, facebook, twitter, whatever is the new hot thing of the current year). And having a dedicated app, partnership with third party food ordering services if you're something like a burrito delivery service.
In the theoretical example I didn't literally mean a burrito truck, but a silly example of "I'm running a business in $marketsegment and I'm going to print all my company vehicles with $companynameurlrelatedtomarketsegment". The burrito part was chosen as a placeholder much as we might use Alice, Bob, Charlie in a discussion of cryptosystems.
I think my statement holds for most small non-tech businesses.
Many of them have companyname@gmail.com business email addresses and while I hope their social media accounts are at least registered from that email account, I wouldn't be surprised if many are linked to a personal account. That is, if they have a dedicated email account for the business at all. Especially with older non-tech-savvy small business owners, there's a chance they just use whatever email address someone made for them.
Another thing about new domains is that sometimes they can get caught up in spam filters.
I already suspected that reliably sending an email from an .xyz domain is very difficult, but I learned the hard way that that lots of enterprise filters also block emails that contain links to any domain ending with .xyz, so we had to use something less fancy, so a longer .com was it.
I think most people these days may not use URLs at all. They will type whatever is written on the side of your truck into their search engine, which is also their address bar, and they will click on the first result.
You joke, but I was told this myth about .org multiple times over my education by multiple teachers, including in college. It might be terribly obvious to you, but there are hundreds of thousands of teachers who teach this wrong.
I asked my two sisters, in their 20s (not in tech): they both had this misconception from school. A friend (not in tech) did too, but only until he tried registering a domain of his own and saw he could get .org. My mother (also not tech savvy) trusts .gov more than .edu or .org, but didn't realize that anyone can purchase the latter ones.
I asked her why she trusted .gov over the others, she paused and laughed as she said "well the government wouldn't lie to you!" :)
If you object to all the author's points, do you also object to the fact that .org domains are not always reputable? If so, then this website must be reputable, and therefore all of its points are true. But, unfortunately, the website itself asserts that not all .org domains are reputable.
Wait...
RecursionError: maximum recursion depth exceeded
If you are on desktop, there are two CSS color rules to disable in order to get the color reasonable. Just click on the paragraph in inspector and they should be easy to find. The site should just work out of the box though, just wanted to provide a workaround for people who aren't red-tailed hawks.
Also wanted to add that for sites you go on a lot, Amino seems to be a pretty good browser extension for saving modifications persistently.
Not just the colors. The site's presentation with complex UI elements is confusing at best. I wish it was laid out like https://motherfuckingwebsite.com/ Much clearer.
This is arguably still an accessibility concern because there's no easy way to make the text readable. Perhaps hovering over it could make it show in black? I've tried highlighting it, but that doesn't work very well because my highlight color is light blue by default (I think I could change it but wouldn't do so just for this purpose).
Wow, have been on this site for nearly a decade and I just learned two things! I wonder why there is different greying behavior for people who are logged in?
I'm on Firefox and it has a pretty deep blue for highlight color. Maybe it's an accessibility concern of the browser as opposed to HN? I don't think making the text lighter interferes with screen readers for example.
Yes, but people who have normal-ish vision don't have or know how to use dedicated screen readers. I could figure out how to have my browser or OS read aloud, but I generally don't want to have things read out loud to me. I just want to be able to read them visually.
I think my highlight color is set at the OS level, at least on my Mac.
Regardless of whether you care about the leak of possibly private information, it's always a good idea to shorten and clean URLs before pasting them, like so:
(There is some sparse discussion that the gs_lcp parameter may contain an encoded form of your physical location. "When in doubt, leave it out" is a good policy to follow for such things.)
Is this article old? Haven't heard anyone say or believe that .org is anything special in 10years.
Who is saying this? Same books that claims smoking is good?
To be honest, I wonder more how did anyone ever get this idea? Looking at whois records for my personal .org domains, some of them have been registered since 2003 (I also have a .net from 2002): I was a student back then!
I guess the fact that I was heavily involved in open source (where every single project used .org domain if available) never made me think they were in any more "reputable" than eg. .com.
So, how did anyone ever get the notion that they were restricted to non-profits? I know that "choosing your domain name" guides at the time mentioned how .org is a good candidate for non-profits, but how did that evolve into "only registered non-profits can get a .org domain"?
Interestingly, Wikipedia's entry claims (without citation!) that .org "was originally intended for non-profit organizations or organizations of a non-commercial character that did not meet the requirements for other gTLDs." [0]
I believe RFC 920 [1] was the guiding document when .org was established in 1985. It cites no restrictions on .org second level registrations, merely that "ORG = Organization, any other domains meeting the second level requirements."
> There are no hard and fast rules that will readily determine whether a website is credible. I think that teaching people that they can simply look for .org in the URL and immediately accept a website as credible can do more harm than good.
> Instead, we should be providing everyone with the critical thinking tools they need to evaluate and assess sources themselves.
This kind of thinking is incredibly important. Many believe in only following one or two "credible" news sources instead of trying to get the point of view from a variety of outlets. Others like to block a list of websites which someone decided was fake news.
There is no easy way to determine what is true and what is false. In fact, most of the time there is no definite "right" and "wrong" - instead, both sides of an issue will have important pieces to consider. In fact, there's hardly ever just two sides to an issue, rather, a wide range of opinions.
I was not taught this in school. I was taught to trust .org websites.
How on earth did your teacher think .org was trustworthy?
A trouble with trusting news that's true instead of fake is it misses the point that even true news gives a false feeling even if all the facts are true. They use scary language, omitting inconvenient facts, subjective exaggerated sounding words, quoting real people stating false facts, etc. Those feelings have actual consequences on how people vote and what decisions they make. For example, the great Pacific garbage patch was shown dramatically on TV a so dense you could just about walk on it and led to people not wanting to put plastic bags in the landfill. They were so overwhelmed by the demonization of plastic, they didn't pay attention to the facts. That whole Trump thing was filled with it too. They didn't really lie but they made all his actions sound bad so people hated him.
You're right that media can be manipulative without explicitly lying, but let's be clear, Trump's actions alone were more than enough to make people hate him without any media manipulation whatsoever. All that hate was earned.
Not really. New rules were invented just to make him be wrong. Like those issues with the Mexico border and aggravating North Korea. Biden has recently aggravated North Korea too but people don't seem to be afraid he's starting a nuclear war like they were when Trump did it. Biden also hasn't opened the border with Mexico to allow visa-free entry yet people aren't calling him a racist for it.
He certainly did some really bad things like mismanaging Covid, but most of the hate was about things he said, not things he did like invading Iraq or wiretapping his political opponents' headquarters like previous widely hated presidents have done.
Some of the hate was even about his physical appearance - the color of his skin, his hairstyle, the shape of his hands, etc. That absolutely wasn't earned. It was just hateful people spreading hate.
Are you kidding me? Sure you can make it sound trivial if you give the weakest possible examples.
Let's talk about the border: Trump literally campaigned on the slogan "I'll build a wall and have Mexico pay for it." And what did he do in reality? When attempts to make Mexico pay for it failed miserably, as predicted by anyone with common sense, he begged and bullied congress (to the point of a government shutdown, no less) to put aside American taxpayer dollars for it. When that too failed, he attempted to pilfer money from various other government departments like homeland security and defense. By comparison, Biden has shut down construction and returned that money for its original uses. And I'm not even sure what you're talking about with that "open borders" nonsense. Nobody has ever actually advocated for that other than the bogeymen from the fevered nightmares of Fox News commentators. You're buying into your own propaganda.
As for North Korea, they were antagonized by Biden calling their nuclear program a "serious threat" to American and world security. What did Trump say again? Oh yeah, he called Kim Jong Un "Little Rocket Man" and said that North Korea "will be met with fire and fury like the world has never seen". I consider us all lucky that so much of Trump's administration turned out to be all talk and no action.
And yes, Covid. How many hundreds of thousands of Americans are dead because he refused to acknowledge reality and continued to lie and undermine public caution towards the pandemic? What other moron could possibly turn something so simple, easy, and painless to do as wearing a mask in public into a full blown culture war? Now we have grown adults whining and crying like petulant toddlers when asked to put on a fucking mask.
Yes, now I'm starting to lose my temper and ramble, but fuck it. That's how angry I get when I see people try to minimize the monstrous idiocy of the Trump presidency as just being the big bad news media out to get poor Trump. I could go on and on like this, but instead maybe I'll just call him a fat, orange, tiny handed imbecile with the world's most absurd combover - not because I hate him for these things (honestly, I couldn't care less about his appearance) - but because it relieves a little bit of the anger caused by him constantly running the country into the ground while claiming that he's making it great.
People are asking who believes this and I can tell you: my college students. Every semester I talk about researching and when I ask them how they can tell if a web site is credible at least one will say if it is a .org or .edu.
Then I show them http://www.dhmo.org/ and a .edu hosted anti-science web site from a religious university to prove it isn't true. Then on the test they still say you can tell if a site is credible because it is a .org or .edu...
I'm in my 30s and finally going to college and can confirm that many of my fellow students (most in their teens or early 20s) believe that .org domains are credible. I've pointed out that anyone can buy one for $10 so hopefully some have taken that to heart, but I wonder where are they getting this from?
The one I use is basically trying to prove their religious text is correct even though science says that animals mentioned in the religious book were not native to that area.
You actually need to provide some document proving you are charitable. This is the criteria catalogue:
Focused on acting in the public interest: Whether in support of education or health, the environment or human rights, members of the community work for the good of humankind and/or the preservation of the planet and do not promote discrimination or bigotry.
Non-profit making/non-profit-focused entities: While many NGOs and ONGs engage in commercial activities or generate revenue in support of their missions, members of the community do not recognize profits or retain earnings.
Limited government influence: Recognizing that many NGO and ONG organizations have important interactions with government, not least for reasons of funding (which may include receipt of some government funding in support of their programs) members of the community decide their own policies, direct their own activities and are independent of direct government or political control.
Independent actors: Members of the community should not be political parties nor should be a part of any government. Participation in the work of a NGO/ONG is voluntary.
Active Organizations: Members of the community are actively pursuing their missions on a regular basis.
Structured: Members of the community, whether large or small, operate in a structured manner (e.g., under bylaws, codes of conduct, organizational standards, or other governance structures.)
Lawful: Members of the .NGO and .ONG community act with integrity within the bounds of law.
> The common explanation is that only non-profits, professional associations, and other organizations are able to register a .org domain name.
Even if that were true, how would it indicate any credibility? Being a nonprofit (a) is defined differently in every country and (b) in the US, just means that the organization advances some sort of social purpose (may or may not be one you agree with) and does not accrue profit on behalf of its members. It in no way means they are trustworthy nor that they are qualified to speak on the issue at hand.
> in the US, just means that the organization advances some sort of social purpose
No, it doesn’t even mean that, unless “social” is defined away to meaninglessness, since a nonprofit can serve virtually any imaginable human purpose; it.can’t return a profit, but it can exist to drive on for a group of firms (trade associations are a valid class of tax-exempt nonprofits.)
Some categories of nonprofits, particularly donation-deductible charities, are defined by social purpose, but the category as a whole is not.
I came up with the below around 20 years ago when I was first exposed to tech-teachers (outside Uni) and auditors (work) (I blame it on reading too much Dilbert)(I am aware that the 1,2 are common, I thought of 3,4 at the time)(I wouldn't be surprised if 3 is common)(but 4 is definitely mine)(I honestly believe I came up with 3,4 - it was 20 years ago so apologies if I remember that wrong).
1) Those who can, do.
2) Those you can't do, manage. (partially "Peter Principle" imho)
Not sure what this site is doing to screw up scrolling but jeez... it seems like my $4000 MacBook Pro should be able to handle scrolling a static webpage. But nope, this is jittery as hell, in both Safari and Chrome.
time for a new domain name about how janky CSS and excessive javascript doesn't mean credible. It looks fine for me but I think that's because ublock origin is doing its job.
Its on the internet, you need to question its credibility from the start. The rest is just details. The internet is the wild west and you need to look out for yourself at all times.
I don't think this practice should be limited to the internet. Question what you watch on TV. Question what you read in newspapers. Question what you hear from political leaders, activists, pundits, economists, teachers, and even scientists. Think critically about what you see and hear, regardless of the source. Look for evidence and second opinions from multiple sources with a history of credibility. There are many individuals and organizations out there who benefit from your support and none of them are incorruptible.
We were being taught about the internet. The teacher made a weirdly specific rant about how wikipedia was unsafe. Two slides later and we were told that org domains were more trustable than com. I pointed out that wikipedia was an org domain. I was sent to the principal's office.
Our classroom discussion of Wikipedia was "You should never cite Wikipedia... because it's an encyclopedia, and you should never cite encyclopedic knowledge anyways." Otherwise, the general sentiment of Wikipedia at school was that it was a good resource for finding resources.
As for .com versus .org, I think we may have been told that .org was somewhat more trustworthy than .com. But we were generally told to favor .gov over both anyways; outside of that, it was a matter of understanding the webpage context to know who was publishing the content and attempting to assess their biases and how that affects the trustworthy content. Definitely would have been something about how even a .edu page might not reflect academic research anyways (since students might have their own personal webspaces on a .edu site).
The further back in time you go the more ignorance and skepticism of Wikipedia you find. When I was in college in the early 2000s the professors would say “don’t use Wikipedia, anyone can edit it so you can’t trust anything it says”
The thing about Wikipedia is not so much that it's "unreliable", it's that, for any topic that is at all disputed, in order to know if what you're reading on Wikipedia is reliable, you have to already be knowledgeable about the topic, in which case you don't need to find out about it on Wikipedia.
In order to know if anything you are reading anywhere is reliable you have to already be knowledgeable about the topic. It doesn't matter if you are reading about it on Wikipedia, a random blog, a printer book or a published paper. The thing about Wikipedia is that for most popular topics that you aren't knowledgeable about you can be sure they've been reviewed by thousands of users and kept somewhat reliable and up to date, unlike reading the same topic on a random blog or an old printed book.
> In order to know if anything you are reading anywhere is reliable you have to already be knowledgeable about the topic.
Not necessarily. Consider a good textbook or paper on, say, physics, for example. The textbook will not just tell you things, perhaps with a bunch of references. It will actually construct the theoretical model(s) it is going to use, step by step, starting with premises that are either common knowledge or are supported by experiments (an example of the latter is the premise that the speed of light is the same in all inertial frames, which Einstein used to construct the theoretical model of special relativity in his famous 1905 paper). You don't have to already be knowledgeable about the topic to evaluate what you're reading. You can evaluate it on its merits: are the premises true, or at least reasonable? Is the construction of the model valid?
There are some articles on Wikipedia that actually try to do this; but the ones that do it correctly, that I've seen, aren't on topics that are at all disputed. That's why I put that qualifier in my statement.
> The thing about Wikipedia is that for most popular topics that you aren't knowledgeable about you can be sure they've been reviewed by thousands of users and kept somewhat reliable and up to date
You must be joking. Most articles on Wikipedia have only been reviewed by a small number of people. And for any topic that is at all disputed, those people are all partisans, and usually they are mostly partisans of one side, who revert or overwrite any contributions they disagree with. In some cases, when there are vociferous partisans on both sides, the whole process breaks down and it's basically impossible to get any useful content into an article.
This is true for books and other sources too. I remember reading that really popular sleep book, then going and looking at the papers it cited and seeing the first one I read showed the 7 hour bucket had lower all-cause mortality than the 8 hour bucket. I also remember an article posted on HN at the start of the pandemic that claimed masks were ineffective, but as proof cited a study that showed the best mask fabric blocked 99% of aerosoles and the worst blocked 20%.
Every now and then I play the “is it bullshit” game on Wikipedia. When I come across a reference that just gives me a gut feeling as being off, I’ll follow up on the citation.
Usually it’s just a strangely worded sentence (common on biographies of not-famous people). Every now and then I’ll find completely fabricated information with sources that either a) don’t exist at the URL or b) say something completely different.
On the other hand, there’s been at least one case where unsourced information on Wikipedia was cribbed for published articles and then the published article was used as a citation for the Information on Wikipedia
The opposite happened to me. I wrote an article, which 7 years later was plagiarised on Amazon. My article got taken down on the basis that it plagiarised the Amazon book. Fortunately the publication dates made it pretty clear what had happened and it got fixed [1].
I never bothered to take it further, so the plagurist's book is still available and has been used as a citation in other Wikipedia articles [2].
I've definitely run into a few cases where this loop exists already, the most annoying one being the age of the Susquehanna River (whose current cite for age is a publication which explicitly cites Wikipedia).
There are very few well known tlds that have real restrictions on applicants, so why not just generalize and say “the internet doesn’t mean credible”? I guess it’s hard for me to empathize since I’ve lived through the 90s and own a dot org myself.
On the other hand, I still have an almost instinctive aversion to all the sites with new TLDs that I come across in search results, because they almost always seem to contain SEO spam or similarly vapid content.
Likewise, .ws and .us used to be the TLD of choice for cracks, warez, and all the "fun" stuff.
Either way, I think all TLDs do have an implicit bias associated with them. For me, .com .org and .net are a neutral connotation. They don't mean "credible", but also don't "stick out like a sore thumb" unlike some of the other newer ones.
> On the other hand, I still have an almost instinctive aversion to all the sites with new TLDs that I come across in search results, because they almost always seem to contain SEO spam or similarly vapid content.
for SEO stuffers, spams, scams and phishes, a lot of these new TLDs are popular because they're used in a disposable fashion. Many of them have first year promotional pricing of $2 to $6 to register the domain (as compared to $9-10 for a .com), but the price goes up to $25/year for all subsequent years. People using the domain names like a throw away paper towel, registering dozens or hundreds of them, only care about the first year cost, because there's no way they're going to keep using the same one beyond 12 months.
Carnegie Mellon had a rule (mid-2000s) that you could only host .orgs from the static IPs you could register on your dorm Ethernet. I launched openpodcast.org & bibme.org as a result of that. I always thought it was a senseless rule.
Any .org.au domain has to be a registered Australian not-for-profit (there are currently 11 allowed types). Similarly, any .com.au or .net.au domain has to be a registered Australian business. I assume various other countries are similarly strict about legitimacy of domain ownership, I've never checked. And yes, I know, these TLDs have nothing to do with .org / .com / .net, as such, except that they look similar.
So, for .org.x domains for certain x at least, it does mean credible.
Technical people know this, non-technical people will click Continue on huge red pages warning for phishing. Not sure who is the target audience for this website.
Sure it doesn’t, as claims that a reputable site like thepiratebay.org might be “sketchy” are… not very credible. :P
Restricting access to .org to just registered non-profits would be just pointless, because there are some notable parties that may not ever receive official recognition, e.g. human right activism in Belarus.
Unless .org would be restricted to US-based organizations only, that would make a whole lot more sense.
There was a time that some Microsoft software was free for evaluation for college students, but in fact, anyone with a .edu domain name was able to sign up.
While I took advantage of this as a high school student, I assume faculty and non-teaching staff, as well as alumni, could have done likewise.
At this point, TLDs matter about as much as your area code. They ceased being useful in the mid-2000s.
You can be <anything>.org but it doesn't mean people will find your website, or use it, or tell other people to use it, or even trust it in the first place. Same goes for <anything>.com, <anything>.net, etc.
.org is a great way for low-income websites to stay on the internet. I run a tiny organization, so I use .org.
As far as I can tell, the verification is basically an annual email that registrars send reminding domain owners to update their contact information and for which no actual follow up is performed.
If you had no clue about how domains are allocated, why wouldn't you believe it? "These domains are given to group X" sounds totally believable - and is indeed the case for some TLDs?
Since it's show 'n tell, you can't get a .bank without a bank charter. https, dnssec, tls > 1.2, and dmarc are all mandatory and the registrar does scan everything in your dns zones for violations.
That's all pretty performative given that the largest and most important banking sites on the Internet (1) aren't on .bank and (2) don't use DNSSEC; that this is the case despite those banks operating some of the largest and best-resourced security teams in the industry should tell us something.
As someone who started their career at an F100 and now consults in the SMB space, all it really tells me is that the change is not worth pushing through the bureaucracy and bringing a new mandatory thing to millions of consumers.
At a small town bank, whose risk tolerance is maybe one major loss event per decade? Where a given complaint is never more than 3 people removed from the CEO? Who'se antifraud resources are just normal bankers that also have some extra tasks assigned to them?
Being able to get homoglyph attacks off the risk board at the cost of a few of my billable hours and a week of effort from the marketing person is a no-brainer to them.
> The URL had been registered back in 1999, before 2001 regulations restricted the “.edu” designation to accredited higher educational institutions. “[D]espite its misleading top level domain,” noted Kathleen Fitzpatrick (2015), head of scholarly communication at the Modern Language Association, “Academia.edu is not an educationally-affiliated organization, but a dot-com.” Like other prior domain filings, Academia.edu was grandfathered in, granting the startup a time-sealed patina of nonprofit credibility
>This domain is intended for commercial entities, that is companies. This domain has grown very large and there is concern about the administrative load and system performance if the current growth pattern is continued.
There's this common misconception that sans user input a site is fine without https.
Unfortunately this is not the case. Site security serves not only the purpose of protecting user input, but also ensuring that the data you are receiving has not been altered, ammended or replaced.
At the low level it stops an ISP injecting their own ads or tracking, at the high level it prevents the injection of malicious code downstream from the site itself.
Things like link-replacement, javascript injection, altered text, and so on make even read-only style sites untrustworthy over plain http.
>A site without a user facing login really doesn't need SSL. And SSL is pointless on said site if it's for instance a Let's Encrypt.
Depending on the ISP is trust worthy. In this day and age, none is trust worthy. Any network between server and browser can alter the content if it is NOT ssl encrypted. In US it is very often you see Verizon (not to single them out) modify the http content before they deliver to you. I guess it all comes down to if you want to get the actual content that is unmodified by the network routes between you and the server.
"And SSL is pointless on said site if it's for instance a Let's Encrypt."
That isn't pointless SSL. Let's Encrypt isn't going to protect you from nation states, but cyber criminals aren't going to be invested or necessarily sophisticated enough to get Let's Encrypt's CA keys. Also, if you are worried someone will take over your Let's Encrypt automation and generate new certificates, they probably could use the same RCE to get at your private keys or directly sniff traffic from the compromised system.
If you qualified this statement with "if the business is large cap", everyone would agree but then again that's why BigCo uses traditional CAs or roll their own.
> A site without a user facing login really doesn't need SSL. And SSL is pointless on said site if it's for instance a Let's Encrypt.
Depends what you mean by need. SSL/TLS still provides benefits like privacy (from third parties) on what you're viewing on the site, as well as no malicious content being injected. It's not just useful to protect your POST requests of username and password.
If I start a new taco truck company and put "burrito.services" or "burrito.catering" or "burrito.ai" in a huge font on the side of the trucks, a fairly large number of people aren't going to immediately recognize that as a web site address.
On the other hand, if I'm lucky enough to get the domain burrito.net , most people will recognize that as something they can type into a web browser address bar.