<i>Intro</i>

Herald: So welcome to this evening's next
talk with the wonderfully broken title, I

love it, "Emoji domains and how
wonderfully broken they are" by a very,

very wonderful person, Jennifer, who is a
web developer, and you wouldn't believe

it, her nick is "unicorn", here is a
unicorn! ... Hi! Jennifer this is, tell us

everything about emoji domains, and why
they are so rotten broken. You go!

dysphoricUnicorn: Yeah, thank you a lot.
Exactly - are we speaking about these

wonderfully broken things and the talk
will be kind of like... I start with a bit

of an intro dump about the history of
emoji domains and what they actually are

and then I will talk about my personal
experience breaking things with them. So

yeah, let's start right of with the
history. So, DNS were standardized in

1987, with a very limited character set.
So, you can see, like, only roman naturals

and some numbers, and, like, four non-
letters. So these are definitely not

sufficient for many languages and it's a
very euro-centric view, or not even just

euro-centric, but it's actually very
centered on the english language and it

was clear that this won't suffice so in
1996, internationalized domain names were

posed, which allow encoding characters
that are not supported or that are not

officially supported into this very small
character set so that browsers could

simply convert them on the fly. This...
sources kind of disagree when this exactly

went live or when you could start it, when
you were able to use it for the first

time. The IDNA2003 standard allowed the
support, but the first emoji domains were

actually registered in 2001. Interesting
about these is that, in 2001, emojis

weren't part of Unicode yet. So you can
see these examples, like the "hot springs"

those do show as emoji. which is because
they are both emoji and Unicode pictographs.

So, not actually emoji domains at the
time, but right now, they were kind of

converted into emojis. Back then, they
were just pictographs. I couldn't really

find out if those domains actually
resolved if you entered the pictographs

back then or if it was just someone who
just was hoping they would rise in price

once IDNA2003 or whatever standard would
implement it, went live. So there was also

an IDNA2003 normalization, but that is not
too interesting for us because we just

want to look at the emoji side of things.
IDNA2008 actually banned emoji for most

major TLDs, because of concerns that it
would be used for phishing domains that

looked very similiar to actual, other
domains. Like every character exists as an

emoji, to be able to make to make country
flags, so that could be used for phishing

and they decided to ban it for most major
TLDs that comply with IDNA2003. Important

to my little story, in 2020, the emoji 13
standard added transgender pride flag

emoji. You'll see why that's important
later. So what actually is this punycode

encoding? It's non-human readable representation
of Unicode characters. So you can see this

symbol here would be translated x-n-dash-
dash C-8-H, which obviously doesn't make

much sense to type in but your browser
would take care of this. So, DNS didn't have to

be changed, it's only inside your browser
that these conversions happen. Compatible

browsers, depending on which browser you
use, will either intransparently or

semitransparently translate, Firefox for
example, as a mitigation to these phishing

attempts, does allow you to enter emoji or
other Unicode characters, but as soon as

you hit enter it will, the URL bar will
show this xn-dash-dash domain. Safari, as

far as I know, does not do it
transparently, so you will not know what

exactly the punycode representation is of
what you were just enterin'. And different

TLDs only support a specific subset as I
said, IDNA2008 actually banned it. Fun

fact, I forgot on the last slide: IDNA2008
went live in 2010 which is kind of

confusing, but whatever. Different TLDs
only support specific charsets, most don't

support emoji, but there are TLDs that
have "supporting emoji" as their main

selling point. TLDs that most people
wouldn't want to use unless they just

simply are interested in emoji. Why did I
end up breaking things with it? In early

2011... not 2011, 2021... this year - I
was unemployed and looking for interesting

ways to build my portfolio. I knew that
emoji were somewhat supported but I didn't

know what, how exactly it worked, I just
knew that there were some people that had

emoji domains and I was kind of happy that
there was a transgender pride emoji

added, so I decided, well, maybe it's a
good idea to add some domain that contains

this transgender pride emoji to also kind
of become less interesting for bigoted

potential employers. So, yeah, let's
register domain with that emoji. Well...

that seems to be a bit more difficult
because these domains, even though you

never really counter them, seemed to be
sold out. Nothing that I looked up worked,

and actually the web interface broke a
bit, but more to that later. Well... none

of these domains actually resolve to
anything: .dev does not support emoji at

all and namecheap doesn't support emoji
even with top-level domains that do

support them. So, I had to go to another
registrar, which was a bit annoying

because I thought, well, I like everything
in one place, not specifically I love

namecheap or anything. But, whatever. Few
months later, I am now the proud owner of

"transgender pride flag purple heart .
ws". At least, that what I think. So, I

just set up to build a small demo page for
it, and deploy it on my server and test it

and - wow. My server usually isn't that
slow. Timeouts... the route looks okay

inside my reverse proxy, trying again, and
after long time, I end up with this

wonderful error message. So we're sorry,
that domain is invalid. It also does not

show the transgender pride flag anymore,
but that could be down to the simply their

webfont not supporting it yet because it
was just added to emoji 13, at least

that's what I thought at that point.
Obviously, I was a bit scared because,

well I just spent 10 euros at something
and... I didn't really know when I would

have a stable income again so I did this
to find a new job and german unemployment

benefits are really difficult to get, so I
was a bit scared, but godaddy didn't sell

me some invalid domain or they also
definitely did not scam me, because if you

enter these exact characters that
apparently are invalid, it does resolve to

my server. So when I looked at the
godaddy web interface, it also showed

these three characters, the purple heart,
the white flag and the transgender symbol.

It's simply not the domain that I had
entered into the emoji domain search

engine. Wasn't just their webfont that
doesn't support it. And that is caused by

the wonderful zero-width joiners. To avoid
having tons of similar emoji, each with

their own code, many emoji are created by
combining others. So you have the skintone

modifiers for example or the country
flags, that are a combination of different

emoji with a zero-width joiner. The
transgender pride flag is a combination of

a white flag and a transgender symbol with
a zero-width joiner inbetween. And the

thing is, punycode does not really support
them so it was simply just dropped during

conversion while I bought my domain. But
that's not everything. Because I still had

this project, I still wanted emoji domains
and my interest was peaked so I wanted to

try out what else I could break. To avoid
spending even more money on this

project, I just moved my testing to sub
domains which was a good idea because I

have way more control over sub domains
than I have over regular ones. I can

register them with any registrar, so I
could use my go-to registrar. I can

register whatever strings I want, so even
invalid punycode. I can register them

under a TLD that does not allow it because
it's not a second-level domain but a

third-level domain. And, yeah, let's see
what browsers do about that. So I created

the sub domain "transgender pride flag .
dysphoric . dev". Firefox converts it to

xn-- and I'm not gonna say all that.
Chromium converts it to a different

string. Which, if you plug any of those
into a converter, it will tell you

that both are invalid punycode. However,
both are understood and routed, so I just

simply added an [unintelligible] all-route
to my reverse proxy, so that both would

work. If you use dig, which is a command-
line tool that lets you look up domain

records - first of all, it doesn't do the
punycode conversion at all, so I had to

use one of the strings that one of my
browsers gave me, but when I use that

string it also gave me this "It's not a
valid IDNA2008 name. Disable validation

using these tool parameters." also didn't
tell me that I needed both. So I added the

first and then, oh, you still need the
second. But, whatever. Once both were

added, I was able to get correct results
and my site was reachable. The next thing

I thought of was, what if I will move my
domain to a non-supported registrar,

because as I just talked about, namecheap
does not actually allow emoji domains and I

was interested to see how their web interface
would handle it. Sadly, it simply did not

handle at all, because they don't support
.ws domains. I wasn't really going to

contact their support team to try and
still get it because this was only a

simple thing that I will probably just
simply not interested in hosting that

domain because it breaks their web
interface if you try to. Or other things

about emoji domains break their web
interface, so I don't really see why their

support team would actually be on my side
here. So, what about email? Because,

apparently, email clients really enjoy
breaking. From my experience at least. Do

they break with emoji? When trying to add
an emoji domain as a sender, my mail

server actually broke because validation
was run after punycode to unicode

conversion, which caused an uncaught
exception, which was suprising, it's

already fixed but the patch is not
released yet so I couldn't yet test it.

But there's still the local part which I
could already control as much as I wanted

to and the [unintelligible] so Thunderbird
simply ignored it and showed the punycode

and Apple Mail dropped the zero-width
joiner and also showed the punycode under

the thing where it shows the exact domain.
So, mixed results, nothing too spectacular,

no exceptions or crashing clients or
anything interesting like that, sadly.

What did I learn doing this? Well,
obviously emoji domains are very buggy.

Implementations vary from browser to
browser so you can have the same input

string and get different punycodes out of
it, so testing in just one browser

definitely is not enough, well, it never
is, but here especially it isn't. And, you

may be able to buy a domain that won't
work as you would think which can cause

quite the annoyance. But it's still a lot
of fun to mess around with this stuff,

just not for productive use. I like to end
my talks but telling people to join a

labor union that doesn't have anything to
do with this but that's what I do for some

reason. And I've got also a blog post
about this where I've written it up and I

would publish the slides under the
wonderful domain "poop emoji nycode . ws".

It's just a link to my regular blog for
now. I'm sorry. I think I went a bit fast

but I still thank you for your time and
I'm open to questions.

Herald: [talks, but no sound is audible]
Herald: I'm online... oops, I'm sorry. I'm

awfully sorry, my machine is slow. I muted
myself about half a minute ago. Thank you

for that beautiful talk, Jennifer. I had
to grin a couple of times, because it was

great and it made my day. And actually we
have a question. The question is in

German, I'll say it in English: why is DNSSec
so complicated for emoji domains?

dysphoricUnicorn: Well, because no one
actually really likes emoji domains except

the people who sell them. At least that
was my experience looking up things for

that. So, they are kind of disallowed in the 
standard, but just some of top level domains just

ignore the standard and still let you register
them and it's just something that people

will implement things don't want to think
about at all. I haven't actually tried

DNSSec, but it's just something that is
easilly forgotten because it shouldn't

actually exist, which may
be a bit harsh, but...

Herald: Is - you remember the ringtone
fads when smartphones didn't exist yet -

is this just a fad like this ringtone
thing and it will just disappear within

the next couple of years or would you
think emojis are here to stay? Is this

serious?
dysphoricUnicorn: I think emojis are here

to stay but not within domains or... like,
it was possible since 2001, kind of, but

at least since 2011 where the first actual
emoji domain was registered. But most

domains that are, like, popular examples
already don't resolve anymore or resolve

to sites that say "emoji domains". So,
emoji domains definitely are not much more

than a fad or a nice, funny thing to just
look at for a bit. However, emojis as a

whole are such a large part of our
culture, I don't think they're going to go

away any time soon because it's been more
than ten years and the annoying

downloadable ringtones were popular
for a bit less time, I think.

Herald: This is a question that I actually
wanted to ask myself as well, because I

run my own email server as well and...
which email server software do you talk

about? Do you know about
supporting the others?

dysphoricUnicorn: Errm...
Herald: What do you use as a software on

your email server?
dysphoricUnicorn: My email server is

running on mailhue, which is a set of
Docker containers that are specially made

to work together to make setting up an
email server as painless as possible for

free. So I haven't actually tested any
other servers, however in theory they

shouldn't actually have any issues. So, the part
of mailhue that failed wasn't actually the

mail server part. It was simply a parser.
So, in theory, with another mail server,

it should work, if they didn't also mess
up parsing at some point.

Herald: Somebody asked here, is there a
list of top-level domains that support

emojis and somebody posted and answering
Wikipedia, is that correct? Wikipedia has

such a list?
dysphoricUnicorn: It has, but it isn't

actually correct, the list, that it has it
is the english Wikipedia. It lists at

least one domain that no longer supports
emojis which is actually kind of a big

political thing where they removed
support. So, the Wikipedia list is not

complete or contains too much. There are,
however, registrars, that are specialized

in emoji domains and those will have
current lists. So, I had .ws as one of

them. It's not the red heart emoji, though
because that's invalid punycode and so I

don't really know what to enter in my URL
bar to get to them other than searching

it on Google, so...
Herald: <i>laughs</i> Next question, is there a

difference between single punycode and
multiple emoji chained together as a

second or third level domain?
dysphoricUnicorn: It's just different

punycode, depending on how many emoji you
have but theoretically, the implementation

for this would just, I think the technical
term was ASCII-to-Unicode something, which

is like, an algorithm to convert it, does
handle multiple emoji similarly. Or - it

should work without any
issues if one of the two works.

Herald: Are there any emoji
first-level domains?

dysphoricUnicorn: No. There are not. There
are punycode first-level domains, because

there are languages that simply do not use
the same letters as english does, so

punycode first-level domains are existent
but no emoji first-level domains at this

point. Maybe there will be, but I kind of
doubt it because the people in charge of

this emoji domains are kind of an eye sore
to them from what I could read, so...

Herald: Talking about eye sores: I always
have the impression, that at least to the

old coders, diacritical signs in
themselves were considered an eye sore.

You know, that funny little dots those
German speaking people have up there.

Don't talk about the Czech and the Poles.
Now, my name contains such a diacritical

sign, my first name is André and I've been
fighting with all kinds of inputs that say

7 Bit ASCII and nothing else. Do
diacritical signs still break domains?

dysphoricUnicorn: They should not, because
are actually reason why IDN's exist. So it

was actually proposed by someone who has
one of those sign in his name and probably

just wanted the domain with his name. This
was the actual reason why we have punycode

in the first place and supporting emoji
was kind of an unwanted side effect. So in

theory, it should work without issues but
still many people don't think about it

enough when implementing their own thing,
so you can never be too certain that it

will. But it should.
Herald: seventy posted here, seventy

obviously runs a Windows, and in Windows
10, the emoji menu with the combination of

the Windows and the full stop. Is that
common already or is that new? I think

it's common by now, it's been implemented
and ever since then everybody's been using

emojis. And there is also a remark that
says "MS Outlook has actually pretty good

unicode-punycode support but still don't
try emojis". I remember a story about when

the Bosnian wars broke, when the Yugoslav
war broke, especially the ones in Bosnia

broke out, there were about a hundred
thousand Bosnians that fled to

Switzerland, and about fifteen thousand
were granted citizenship, but they

couldn't be registered in the citizenship
register, because that only supported

7-bit or 8-bit ASCII but no diacritical
sign of [unintelligible]. I think they

fixed it by now but that was quite a thing
some years back. I see no further

question, - oh, there is one ... <i>coughs</i>
... one... <i>coughs</i> excuse me that came in

right now... <i>coughs</i>... is there a
uniform way to generate punycode over

multiple platforms? Mobiles do not work
well with entering unicode numbers as we

all know.
dysphoricUnicorn: I'm not sure I

understood this correctly. The easiest
way that I used during my testing was a

simple online converters that would work
on every page. And actually my system

doesn't have a shortcut for emoji so I
would always copy and paste from

emojipedia into an online punycode converter
and just use it from there. Because I

don't actually use emoji that much.
Herald: Okay, we've come to the end of our

time. We still would have another minute
or two, but we have no more questions.

Thank you in the meantime for coming and
holding this talk. You have another talk.

I think it's tomorrow?

<i>Outro</i>

Subtitles created by c3subtitles.de
in the year 2021. Join, and help us!