Derek Torres and Stuart Mudie have just co-written a book entitled The Unofficial Guide to Windows Vista, which is due to be published by Wiley in February. Stuart lives in Paris and, since he also is a French to English translator, we have traded clients from time to time. When he asked me if he could guest blog on Naked Translations as part of the “virtual blog tour” he and Derek are organising to promote their book, how could I say no?

Internet Explorer 7 supports Internationalized Domain Names (IDN), which are domain names that may contain characters from non-Latin scripts such as Arabic and Chinese, or letters with diacritics as used in many European languages.

While this is an important breakthrough in opening up the web to other languages, it does mean that the browser is now more vulnerable to look-alike attacks in which one domain pretends to be another (such as www.examp1e.com instead of www.example.com), almost invariably for nefarious purposes. This is possible within the basic ASCII character set, but supporting IDN extends the range of characters available to many thousands.

In order to protect you from such attacks, IE7 restricts which scripts can be displayed in the browser’s address bar, based on your language settings. If a domain name contains characters from outside your chosen languages, it is displayed in Punycode form. This may not be the prettiest solution, but names like xn--bcher-kva.ch (the Punycode version of Bücher.ch) do provide a highly visible clue when things are not what they may seem.

Domain names are also displayed in Punycode if they contain characters that are not part of any language, if they contain a mix of scripts that do not appear together within a single language, or if any of their constituent parts contain characters that appear only in languages other than your list of chosen languages.

Those of us who surf the web in languages other than English may be surprised when we first encounter a Punycode URL like “xn--bcher-kva.ch”, but it’s good to see Microsoft doing something to make its browser more secure for a change.

– Stuart Mudie, co-author of The Unofficial Guide to Windows Vista