[liberationtech] New Access report on fake domain attacks on civil society

[Tom Ritter]

This is cool.  I hear pretty frequently that phishing and
phishing-like attacks are huge problems for activists, I think this is
a great example of how work can be done to combat this.  If users are
running into this regularly, maybe it'd be cool to have a submission
form to queue up analysis of pages for forging, to let people all over
the world submit the real and forged site, then do some heuristics and
potentially flag it for manual review (maybe even crowdsourced).

And Dan raises a good point.  Kneejerk reactions make bad laws - I
think we as a community can easily distinguish between reasonable
fakes for political purposes, and fakes that are intended to
maliciously deceive.  In my mind: no malware and no phishing
(intentional or unintentional).  Any group wanting to pull off a fake
domain for publicity shouldn't replicate any sort of login or signup
form.  Don't give people the opportunity to send you sensitive data,
or you're going to be looking like scammers. The Yes Men and the PINK
campaign got this right.

-tom