Topic: Plagiarism: the difference between "wallet" and "wallet" (Read 703 times)

Theymos ended the abuse:

There is no longer a difference between "wallet" and "wallet", so I'll lock this thread. Thanks theymos!

a very simple solution to this would be to disallow these types of symbols throughout the forum. Or at the very least in the english sections, in which there is absolutely no reason to need to use them. 

I can say about the russian alphabet. It has some cyrillic symbols which can be used in a homograph attack.

Lower case (6 identical symbols):
aбвгдeёжзийклмнoпpcтyфxцчшщъыьэюя
abcdefghijklmnopqrstuvwxyz

Upper case (11 identical symbols):
AБBГДEЁЖЗИЙКЛMHOПPCTУФXЦЧШЩЪЫЬЭЮЯ
ABCDEFGHIGKLMNOPQRSTUVWXYZ

Note that the cyrillic symbols are encoded as 2 bytes in UTF-8, therefore:
1) wallet = 6 unicode symbols = 6 bytes in UTF-8
2) wallet = 6 unicode symbols  = 8 bytes in UTF-8

Loyce, that is brilliant. I don't mind putting in a little bit of additional effort in looking at those google hits. So here goes.

Account 1: SenseiSan


Copied from


Account 2: LeonKG


Copied from


Account 3: Topotam


Copied from


Account 4: Vanopest


Copied from


Account 5: MalinkaOw


Copied from

These words, taken from Kamelia's quote in the OP, all show the same trickery:

The whole point of this thread is that there isn't any visual difference.

It's a visual trick, miners don't fall for that.

Tomato or tomato, if this is only detectable with wallet. I don't know how many posts could we find other than a few? also, I would like to know what is the difference visually? do you know how many ways we could use something trickery like this? we could do something similar with transactions and fool the miners by showing them Bitcash and say it's really Bitcoin.

@Mods: thanks for banning 2 of them, but one was missed.

I tried registering "LoyceV" on this forum, but I get "Invalid character used in Username.". I'm glad this is covered.

This is interesting and horrifying at the same time. The more I learn, the less I understand the internet.

You stumbled across a well-known security issue, which usually affects identifiers such as domain names.  E.g., paypal.com vs. paypal.com—see, the same difference!  Or the notorious whole-script confusable, appӏe.com (not the same as apple.com):



Lookalike letters from different scripts such as Cyrillic and Greek are used in lieu of Latin letters.  In this case, U+0430 CYRILLIC LETTER A which UTF-8 encodes to { 0xd0, 0xb0 }:



Tip of the iceberg, indeed.

This exact issue has spawned a plethora of discussion in Unicode TR 39, Internet RFCs (see especially the RFCs related to IDN, among others), and vendor specifications—not to mention, mountains of blog arguments.  I will try to gather up some links for further information.  A quote from UTR #39 below should give a brief overview of the types of confusables.  I will try to answer questions insofar as I reasonably may.

---

Registries (not registrars) typically have policies about this.  For example, off the top of my head / if memory serves, in .de you can register domains containing äöü but not any other non-ASCII characters.  The purpose of such policies is to prevent this type of attack.

---

I think this should suffice for an overview:

https://www.unicode.org/reports/tr39/tr39-1.html#Confusable_Detection

It has been a thing for 10+ years https://en.m.wikipedia.org/wiki/IDN_homograph_attack

This trick was used by students to cheat the plagiarism system in master's theses.
@up, Browsers now showing cyrilic charactes as xn--(digit), but in the past it was able to make indentical copy of domain with these characters.

A quick check for the first domain registrar shows that it won't work.

Testing wallet.com brings me to http://www.xn--wllt-53d6a.com/ indeed (which doesn't exist). Note that I really typed this:
My browser changes it already. Nice catch!

If this is really a thing,phising sites would only become more complicated to identify in the future.

---

LoyceV,that is very much surprising what you have found.

It's the frst letter e that is different

In ‘wallet’, the second character is a cyrillic ‘a’ and the fifth a cyrillic ‘ie’, encoded in Unicode. This kind of scam is known as a homograph attack. You can find all characters using normal search as long as you’re searching for those exact characters.

While processing Bounty Content applications, I stumbled upon something I haven't seen before. I can't really figure out how it's done, but it turns out there's a difference between "wallet" (11,000 hits on Google) and "wallet" (127,000,000 hits on Google)! Click CTRL-F and try to search for one of the two words on this page.

My initial plan was to bust the few cheaters, but this turns out to be much larger than just a few. So, I throw this in here for community help!

First: how is this done? Is there some software that replaces ascii characters by something that looks like it, but can't be found through copy/paste?
(this question has been answered, now let's focus on busting the cheaters!)

Second: I think "wallet" is just the tip of the iceberg, but it's the only word I've checked so far. When I Google "wallet site:bitcointalk.org -imode", it gives me 66 hits.

---

The first hit came from SandraSN:

To find the original, I had to manually type a part of the post into Google. This post is a copy of:
Note how the order of the two sentences was reversed. But worst of all, if you select any small part of either of those two posts and try to Find it on this page, your only hit will be the post you selected.
Mods: please ban SandraSN. (still at large)

---

The second hit is SergiOLa, who posted:

Which is a copy of:
Mods: please ban SergiOLa. Banned!

---

The third hit is from Kamelia, who copied:

From:
Mods: please ban Kamelia. Banned!

---

I've only checked three of the 66 "wallet"-links on Google, and so far it was 100% plagiarism. It's a lot of work to document this way, so I'll leave it at this as a "proof of concept".
If you check the post history of any of those people, you'll find much more words to search for. If they don't pop up when you hit CTRL-F and manually type the word, it's very likely to be plagiarism. For example, searching for the word "exchange" gives 70 hits.

Update: this makes it easier to spot: my old xterm doesn't support the characters, posts look like this when I copy them: