this post was submitted on 16 Aug 2024
18 points (95.0% liked)

Cybersecurity

5754 readers
169 users here now

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Community Rules

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected]

Notable mention to [email protected]

founded 1 year ago
MODERATORS
 

https://github.com/positive-intentions/chat

im working on a decentralized chat app similar to Simplex with the additional detail that it's mainly presented as a webapp. Simplex recently posted on their subreddit about "somone else" having registered and hosted a copy of thier website/app.

this could be for something like phishing and they correctly notified people and reccommend to not download from there.

https://www.reddit.com/r/SimpleXChat/comments/1epuf5w/please_note_we_do_not_own_the_domain/

im now thinking i should point people to my github repository. (the links to the webapp and builds for ios/andoid/ desktop can be found directly there from the readme)... similar to a "domain", im sure its easy enough to create a new github organization and repo that looks similar to the one i already have.

i added a section in the readme about improving the security of the app by using a selfhosted version for those that want/need hightened security/privacy.

Simplex also mention they submitted a complaint to the domain registrar. id like help to learn about what other things i could do if somthing similar happens to my app. this is something that id like to know more about because its seems inevitable to happen (if it becomes popular) given my app is open source and easy to selfhost.

you are viewing a single comment's thread
view the rest of the comments
[–] starshipwinepineapple 1 points 3 months ago

It would be a good idea to at least buy one or several domain .TLDs for open source projects even if you currently aren't planning to make use of them. If nothing else getting a domain prevents someone else from registering it, and you could start using them to make legitimate results higher in search results. This is easiest when you are first starting a project and can check availability before settling on a name.

The problem is that there are hundreds of TLDs so you're not going to be able to register them all. Simplex mentioned they reported the domain. If you do an ICANN lookup you can find an abuse email for the domain, which would be an email for the registrar. You can report to that email and it is likely they will remove the site. You can also go directly to the TLD and report abuse to them as well.

Beyond that search for your project every once and a while and see what comes up or what doesn't come up.