I agree with you on this one. If I wanted to copy paste Iâd only use the address itself
if ENS is unwilling to change the smart contract, enforcement going forward at the client is one step in the right direction, but not sufficient for all of the already-acquired spoof domains. making ZWJ-domains un-routable at the network level might be a solution. and yes, putting more logic into the client will be complicated if you want to make it smart enough to allow bonafide ZWJ emojis but not âforgedâ ones, but itâs doable. regex anyone?
âmaking ZWJ-domains un-routable at the network level might be a solutionâ
Not sure what you mean here. ENS is is just smart contracts on Ethereum and resolution just means a client reading from the Ethereum blockchain, there isnât any other routing.
âputting more logic into the client will be complicated if you want to make it smart enough to allow bonafide ZWJ emojis but not âforgedâ ones, but itâs doable.â
Clients can provide warnings (to allow people to still use something deemed suspicious if they are intentionally using it), and as Iâve said in fact some major ones already do, but it would be great if it was more widely used as Iâve said.
i really hope u are right
but i know that when i send eth to uniswap, yearn, etc im not typing in addresses itâs a button click and thats the direction its moving for UX
no name is aesthetically scarce with zero width joiners, just the opposite and they are all still functional with unlimited availability for what looks like the same name, i wonât be the only one that wants my money back
I donât know about that, guys. most traffic is mobile now and I think people routinely use âclick to copyâ when presented with an address. Iâve never typed in a meaningless 42-character eth address - have you?
Iâm still in favor of raising prices on domains containing ZWJ and other misleading characters. The 4-length pricing should discourage anyone maliciously buying these up and would also add value to the real ones being cheaper to renew.
Never but I used to triple check the address every single time
I donât think paying an extra $145 for a spoofed commercial or professional domain name will deter scammers who aim to make $100,000+. fraud pays well.
good practice, me too, but joe public wonât do that and heâll blame ENS when he sends his $$$ to a spoofed site
Maybe gracefully
make them pay $145 for the next year then $640 for the years after. The latter for newly registered ones. At least we would see a decrease in this fraudulent trend I think.
In those cases youâre not using ENS. Unless Iâm misunderstanding you?
Correct, and in those cases people arenât using ENS. An advantage of ENS is that you can easily remember and type in your ENS name, no need to copy and paste a long crypto address.
Thanks for bringing this up.
To bring some clarity to the discussion:
- ENS uses UTS-46 normalisation, the same standard used by Punycode, to normalise names. This prohibits or strips most non-printable characters, as well as performing a bunch of other important normalisations.
- Weâre not as restrictive as ICANN is for most gTLDs, because we think things like Emoji names are neat uses of ENS. Zero width joiners are used to compose certain emoji - such as woman + rocket => astronaut, which is probably why UTS-46 doesnât strip them by default.
- The way ENS prohibits resolution of names that arenât UTS-46 normalised is not at the smart contract level - baking the normalisation logic into a contract would be impractical - but rather by making it part of the client-side resolution process. If all clients use the same normalisation process, then names that arenât normalised will never be resolved. You could still buy those names by interacting directly with the smart contract, but since no client will resolve them, the name has no value.
- We will look into making additions to the normalisation rules to prohibit the cases youâve identified, without making existing legitimate names un-resolvable.
- We donât have any mechanism to revoke ENS names. We certainly wouldnât refund registrants of names that were registered to be deceptively similar to other names, if the normalisation rules render them un-resolvable.
Completely agree. Itâs like someone pays entrance fee to get into club/disco, try to scam people, get caught and kicked out. No bouncer will refund you the entrance fee.
Thats not what its like at all. Its more like a centralized authority saying, âitâs okay to buy this name, we have this name for sale and it worksâ and then making it not work and decided its not okay to have and keeping the money.
This scenario of refunds was being discussed within the context of retroactively making zerowidth domains unresolvable. It would be exactly like selling a working product to somebody and then making it not work and keeping their money they spent. Maybe somebody bought a name they wanted personally using zero width or some non ascii bc they really wanted it to look like that bc they were just a big fan of the name, you donât know.
And who are you, other than part of central command structure, to decide who is buying domains to scam people width zero width etc and who is buying with text art, you have the blinders on. If you didnât refund people in this scenario who is to say there wonât be some other decision in the future where we have to divert to your wise judgement on whether or not its moral to refund somebodys money you accepted on account of your own teams short sightedness early on in the project with this very issue? It sets a precedent and doesnât look good.
The refunds were only brought up within the context of making domains unresolvable, which it looks like wonât happen anyways because its too expensive to fix the contract now and the problem is being pushed onto the wallet providers etc.
Edit: I see now that making names unresolvable is client side. any name sold that was resolvable and money ens profited by selling a working name should be refunded if they later make it unresolvable.
I personally donât own any âscamâ domains meant to spoof except maybe vitalik.eth but thatâs really more of a collectible name, I still want to see all names refunded that were sold and made retroactively unresolvable
btc.eth
link.eth
dcl.eth
dot.eth
uni.eth
xrp.eth
Just this small sample is available in unlimited quantity and functional. Only the ones without zero width cost big premiums on top of renewal. All of the zero width versions (virtually unlimited) are way cheaper and look the exact same and function the same.
Itâs like ens is selling Louis Vuitton bags AND the knock offs
It looks bad
Why would you want to refund fraudsters (assumimg most non-emoji zwj names were registered with bad intentions) when the same money could go into marketing or partnerships for example?
The LV knock-off analogy you provided is inaccurate here I think. If the police caught you with a van full of fakes youâd either get sentenced, pay a huge fine or at the very least get the goods taken away from you.
Perhaps if you already got your one knock-off you would like to use it yes. But you shouldnât be able to sell them to customers blind to see the difference.
So what could be a good solution that is not client-side to stop the aftermarket of these domains?
Because I donât think non-transferability in itself would be possible for the erc standard utilized here.
Nor is it possible to just set all Registrant
To a burn address (0x0) I think but in that theoretical case you could still renew and use existing records as is without being able to sell. And it would of course also ruin the point of self-custody in decentralization as a whole.
So we are basically left with partial client-side fixes and resolver / pricing updates.
No refund for fakes is my take on this.
Every 3 and 4 letter crypto name
Every celebrity name
Everything popular and unique
All of these have fans and ppl promised exclusivity aesthetically. This was the justification for premium prices. And all of them have nothing unique about them anymore as far as availability goes and they are all functional.
And the âvan full of fakesâ ens sold the fakes! This is lack of foresight and itâs a big deal. Ppl arenât going to care if there a warning on metamask about non ascii characters, if a person really wants doge.eth or eth.eth but itâs taken they can just buy one of the limitless other doge.eth or eth.eth names available with zero width for way cheaper.
Like there are a handful of ppl compaining rn imagine when there is more adoption and even when more of the ppl who already have what they think are cool one of a kind names they paid premiums for find out they arenât one of a kind
Not refunding assumed fraudsters is theft and makes ens look no better than real scammers like just fix it itâs been years and this is a time bomb
I see your point, indeed it could be a time bomb in its way. So youâre suggesting refunds and making them unresolvable at the same time am I right?
yes refunds for any name that is made unresolvable that was resolvable when initially purchased.
idk if they can just whitelist emojis as they come out and make all anything else that uses zero width unavailable. i think this would be best.
there are ppl using non ascii for text art and to make dongers out of eth names. imo the warnings ens has worked out with wallet providers would be sufficient for non ascii âclonesâ as long as all zero width names were unresolvable minus some kind of emoji whitelist.
In those cases youâre not using ENS. Unless Iâm misunderstanding you?
yes you are missing my point. uniswap is a contract address but i donât have to click to copy or type the address in.
paypal and venmo for instance, i donât have to type in my friends bank acct routing number to send them money, i look them up and click pay/send. web3 addresses used to send and receive payments will move towards having a clickable send/pay/buy button for the address just like when i interact with uniswap or yearn or any dapp.
in the future, when i have a list of web3 contacts that i interact with to send and receive money from friends and family to businesses, the ui wonât discern what is zero width joiners so you will have many clones that look exactly the same.
if im the worlds largest pizza chain and i want to start receiving payments in doge or btc or some erc20 token bc im forward thinking and i decide i want a triple pizza slices emoji .eth name so i buy it for 600+ dollars and think itâs unique or premium, well itâs not with zero width joiners. the front end ui will make any triple pizza slice emoji .eth ens name with zero width joiners look the same and ens promised otherwise and gave limited availability as a reason for premium pricing.
imo looking for solutions from wallet providers putting warnings on addresses seems like a temporary band aid.
the fix is to make all addresses using zero width joiners unresolvable, refund the money to anyone that bought a name using zero width, and maintain a whitelist of emojis that use joiners.
the zero width issue is bigger than the non ascii lookalike characters, but really why not just be done with it and make all non ascii names unresolvable and maintain a whitelist of emojis?