URL "Lookalike" suggestions appearing while browsing



Users have been reporting that they see messages alerting them that they may have accidentally gone to a site they didn’t intend to go to:

This is the result of a Chromium feature found in brave://flags titled #enable-lookalike-url-navigation-suggestions. This flag when toggled will enable/disable this feature in Brave.

We’re discussing internally how we’d like to handle this feature, but would like to note that the feature is intended to stop users from visiting sites that contain malware or fake sites set up for phishing that capitalize on users mistyping URLs into the address bar. It’s the same reason Binance has this message on their login page:

We’d also like to note that there’s no network activity associated with this feature – the sites are pulled from a static set of data that is created at build-time.

We will likely keep this feature as it has many benefits and may help users avoid landing on malicious websites. We are, however, discussing the idea of surfacing this flag to Settings so that it can be easily enabled/disabled as per user preference.

Can you provide me with a link to where this is happening or background on how this list is built (presumably by the Chromium team?)

This list is actually not based on security consideration - or else one of our sites would not be on it - so I’d like to dig further and understand how a web site can end up on that list and suffer from it.

Quoting you from another issue on this topic:

In your example, it’s likely that many people intending to go to “live.com” may have wound up on “vive.com”. Malware and phishing websites will take advantage of small errors like this.

And that’s exactly the problem: many people actually wanted to visit vive.com which is not a malware site but a Virtual reality headset maker. Of course, they are much, much smaller than live.com in terms of traffic and engagement I’m sure but it shows again the list is just plain wrong.
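
An added illustration (not Chromium's or Brave's code, and not part of the thread) of how a purely local check against a static list can flag the vive.com case discussed above. The one-edit matching rule, the four-entry list and all function names are assumptions made for the example.

```python
# Constructed stand-in for the static, build-time list of popular domains.
# The real list and the real matching rules are not reproduced here.
TOP_DOMAINS = ("live.com", "google.com", "binance.com", "paypal.com")


def within_one_edit(a: str, b: str) -> bool:
    """True if a and b differ by exactly one insert, delete or substitution."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a  # make a the shorter (or equal-length) string
    i = 0
    while i < len(a) and a[i] == b[i]:
        i += 1
    if len(a) == len(b):
        return a[i + 1:] == b[i + 1:]  # one substituted character
    return a[i:] == b[i + 1:]          # one extra character in b


def normalize_host(host: str) -> str:
    """Lowercase and drop a leading 'www.' (simplification: no public-suffix handling)."""
    host = host.lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


def suggest(host: str, top_domains=TOP_DOMAINS):
    """Return the popular domain to suggest, or None. No network access involved."""
    name = normalize_host(host)
    if name in top_domains:
        return None  # the popular site itself never triggers a suggestion
    for top in top_domains:
        if within_one_edit(name, top):
            return top
    return None


if __name__ == "__main__":
    for h in ("vive.com", "www.live.com", "binnance.com", "example.org"):
        print(h, "->", suggest(h))
```

A check of this shape compares strings only, so a legitimate site such as vive.com is flagged for the same reason a typo domain would be; reputation plays no part in the match.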

