SSAC says emoji domain are like 😈, gives 👎 to their registration.
Emoji domain names have received some press over that last year thanks, in part, to .ws allowing registrations of emoji domain names.
Now, the ICANN Security and Stability Advisory Committee (SSAC) has published a report (pdf) warning against the use of these domain names.
The brief report notes that emoji in domain names are not allowed under the Internationalized Domain Names in Applications (IDNA) standard. They aren’t universally accepted and do not work across all devices.
They can also be difficult to decipher. Many emoji look similar to each other and some emoji can be “glued” together using a special zero width joiner (ZWJ) code point.
This creates a major problem:
The whole point of an identifier is to specify something unambiguously—this thing, as distinct from all other things. To a user, a single unmodified emoji might look exactly the same as its “glued together” counterpart, and systems that do not support emoji composition using a ZWJ will display the individual components of a “glued together” emoji as a sequence of separate emoji, with results that may visually be very different from what was intended. This is acceptable for interpersonal communication, particularly when it is augmented by shared context, but it is not acceptable for Internet identifiers, particularly DNS root labels that must be unambiguously resolved independent of any context.
Furthermore, Unicode 8.0 allows variants of emojis that change skin tone. This can make it even more confusing.
Another issue with emoji domain names is accessibility for visually impaired people.
The SSAC concludes its report with two recommendations:
Recommendation 1: Because the risks identified in this Advisory cannot be adequately mitigated without significant changes to Unicode or IDNA (or both), the SSAC recommends that the ICANN Board reject any TLD (root zone label) that includes emoji.
Recommendation 2: Because the risks identified in this Advisory cannot be adequately mitigated without significant changes to Unicode or IDNA (or both), the SSAC strongly discourages the registration of any domain name that includes emoji in any of its labels. The SSAC also advises registrants of domain names with emoji that such domains may not function consistently or may not be universally accessible as expected.
Hi there… I’m Jon, the guy behind i❤️.ws. We’ve registered a ton of Emoji Domains.
This report is the beginning of a conversation and I largely agree with its conclusions.
There’s no doubt that there are issues with homonym attacks in Emoji Domains, but that threat also exists in the dotcom world. As someone pointed out on twitter, there’s”http://weed.com , http://weed.com (xn--eed-v6x) & http://WEED.com (xn--58dxa0a)”
Heck, dotcom even allows hieroglyphic domains.
Personally, I think the way forward for Emoji Domains is to white list a clear, unambiguous set of emoji: ❤️⭐️⚽️ …etc… and get rid of all the skin color modifiers.
After that, you end up with a clear and universal set of hundreds of emoji, totally useful in worldwide communication. People send hundreds of millions of Emoji txt messages every day, so it’s not like this is a new, unfamiliar concept to mobile phone users.
For our part, we’re going to publish an open standard and start warning people when they register confusable emoji.
im with Jon
http://www.emojiurl.com
You don’t even have go as far as banning all the modifiers! Some of them like ♂️ are perfectly acceptable as standalone emojis, but are also used as modifiers.
Just ban use of the zwidge. That’s where all the issues happen with combination emoji, without it it’s very easy to tell everything apart.
Are these compliant with Handicapped Accessibility Standards for those using a Braille keyboard? Many rely on converting the alphabet to sound in order to see the internet. How will these characters each uniquely translate to audio? Otherwise Emojis exclude the blind from participating.
Had I read the article prior to posting my previous comment I would have seen the issue of visual impairment has been raised. In all fairness, as soon as I saw the headline my concerns were the same. Nevermind.
well summarized, ICANN says not ready enough for emoji’s to be right of the dot. probably right for now
Innovation may happen outside the ICANN purvue in the cctlds, but the marketplace likes global languages on hundred of millions of devices, popular with kids and on mobile, and likes visual emotional messaging.
Emojis in .ws are our only color domain names, and our only visual domain names on major keyboards, great for mobile and my kids finally think something im doing is cool.
Until more devices are on board, and white space or banned characters dealt with maybe emoji are in beta, but like gmail still being in beta – can still be used hundreds of millions of times daily and globally.
and like uber using unlicensed taxi drivers and amazon not collecting sales tax, the market and regulatory bodies may be at odds for years. – but innovation finds a way.
the IDN’s at the root of the zero width rejoinder issue are distinctly different domains – one being a hypotheical XN–123, one being XN–1234fgtgrdt5
so its still one domain name, one nameserver IP, and links and emails go where they are supposed to.
thanks Andrew for he link to the report
Page Howe
The report suggests against emoji domains to the left of the dot.
I can’t be bothered reading the report as the conclusions seem unjustified.
My current impression of these conclusions and having read the intro and body of this report as that it’s short sighted.
Fair enough about the main issues they flagged.
However, I’ve been involved with the new TLDs and when I consider how flawed this process was and how money influenced the process I have to question the legitimacy of these findings.
I consider this report and ICANN rubbish but that’s a personal so we don’t get confused.
Have a look at how ICANN managed religious domains and you will see how biased this corporation appears.
interesting reading the other SSAC reports, i respect the independence of this group to even fault ICANN and the IETF for its role in the instability of the naming system currently in December
Finding 2: More specifically, the SSAC finds that the lack of adequate coordination
among the activities of several different groups contributes to the domain namespace
instability identified in Finding 1:
• ICANN, in its role as coordinator of the allocation and assignment of names in the root zone of the Domain Name System,17 by inviting applications for new toplevel domains without specifying unambiguous criteria for determining whether a given string may or may not be (or potentially become) a top-level domain name label;
• the Internet Engineering Task Force (IETF), in its role as the Standards
Development Organization for the DNS protocol, by reserving some domain
names for special use;18 and
• other individuals and organizations, by using independently selected domain
names in environments that cannot reliably be distinguished from the environment in which domain names are resolved by reference to the global DNS root.19
ICANN is just jealous I have the single T Rex emoji domain name.
which is super cool!
Using Google Translate and text to speak, the audio will state, when using the pizza slice emoji “Pizza slice” https://translate.google.com/#auto/en/%F0%9F%8D%95
Emoji domain names should not be any different, even though the Puny code would have xn--vi8h as the subset code, the text will be the same, if not emojis will actually have a beneficial factor for blind people because they are already categorized in the emoji preset keyboard along with other food: Furthermore search in Google: https://www.google.com/search?q=%F0%9F%8D%95&oq=%F0%9F%8D%95&aqs=chrome..69i57j69i59j0l4.311j0j4&sourceid=chrome&ie=UTF-8
Hi,
Very interesting post that you can use emoji in domain names.
How do you enter the domains when using a normal keyboard and not a smarphone?
Will Google index these domains if I register and use an emoji domain?
Emoji Domains are, indeed, indexed by google as emoji. Do a search for “Emoji Domains” — you’ll see.
bank⭐.ws
blue⭐.ws
business⭐.ws
casino⭐.ws
crypto⭐.ws
discount⭐.ws
fashion⭐.ws
game⭐.ws
Home⭐.ws
Lucky⭐.ws
Movie⭐.ws
My⭐.ws
New⭐.ws
Next⭐.ws
I think we can´t misunderstand the meaning of this emoji domain names!
Some emojis are ambiguous and risky. OK. For important domain functions, shun those.
Are some emojis unambiguous? Or is the ambiguity manageable through a defensive domain registration strategy? If Yes to either of those questions, then people would be safe to use that subset of emojis.
I don’t know the answers, since I’m unfamiliar with “glueing” emojis together – which the ICANN report singles out as a risk factor. If “glueing” makes 1 emoji indistinguishable from X many other emoji combinations, then we’d need to know how big X is.
When new technology comes, it will also come with security issue, I do think we will have new technologies to deal with this.