Consider disabling lookalike url navigation observer

[jumde]

Chromium enabled this feature by default: https://tech.slashdot.org/story/19/01/30/2020218/google-chrome-to-get-warnings-for-lookalike-urls

Can be annoying to users: https://community.brave.com/t/did-you-mean-to-go-to-all-of-a-sudden-displaying/50950/6

[Brave-Matt]

Support's two cents:
I think overall this feature is well-intentioned. This would be especially useful for Brave users given that many of them are involved in/browse cryptocurrency sites/exchanges which are notorious for these "lookalike" URLs. Having this feature implemented could save users from sites attempting to steal credentials for these sites.
If it's not sending network requests or compromising security, I think this is something that should be surfaced and included in Settings so that users have access to the feature but can also easily turn it off should it annoy them.

[weeblr]

User's two cents:

It's all fine and dandy until it's your own small business website that Chrome/Brave decides to send potential visitors away to a much bigger competitor.

If this really is a security feature, will there be some kind of whitelisting possible?

Best regards

[Brave-Matt]

Yes, this is considered a security feature. Phishing is a real thing. There are several websites sites, especially those centered around Crypto, that warn you to ensure that you're on the site you believe to be:

[weeblr]

@Brave-Matt Well, if Brave tries to lures users willing to visit weeblr.com, a perfectly fine, secure and honest website, into thinking it's a bad site and strongly suggests to visit weebly.com instead, isn't Brave itself doing phishing now?

The problem here is that the selection of the "offending" site is not based on security. It's not based on whether the site is a phishing target. It's not based on anything but a simply similitude between the 2 names. And that's not enough. There's not even a place where we can go and ask to be removed from that list. Of course, we're not big enough to sue but I guess at some point someone will. I guess the people from vive.com won't like seeing their visitors suggested to go to live.com. But they're a big company so I guess they'll find a way.

It's not even based on trademark as our trademark actually pre-dates that of weebly in our trademark class.

[rebron]

Looks well intentioned but it doesn't work even with a simple use case where a user going to vive.com is then directed to go to live.com.

[rebron]

Closing. This is fixed with brave/brave-core#2382. In process to be uplifted to 64.x.