•

What if someone creates a clone of my app for phishing?

https://github.com/positive-intentions/chat

im working on a decentralized chat app similar to Simplex with the additional detail that it's mainly presented as a webapp. Simplex recently posted on their subreddit about "somone else" having registered and hosted a copy of thier website/app.

this could be for something like phishing and they correctly notified people and reccommend to not download from there.

https://www.reddit.com/r/SimpleXChat/comments/1epuf5w/please_note_we_do_not_own_the_domain/

im now thinking i should point people to my github repository. (the links to the webapp and builds for ios/andoid/ desktop can be found directly there from the readme)... similar to a "domain", im sure its easy enough to create a new github organization and repo that looks similar to the one i already have.

i added a section in the readme about improving the security of the app by using a selfhosted version for those that want/need hightened security/privacy.

Simplex also mention they submitted a complaint to the domain registrar. id like help to learn about what other things i could do if somthing similar happens to my app. this is something that id like to know more about because its seems inevitable to happen (if it becomes popular) given my app is open source and easy to selfhost.

1 comments

starshipwinepineapple

•

It would be a good idea to at least buy one or several domain .TLDs for open source projects even if you currently aren't planning to make use of them. If nothing else getting a domain prevents someone else from registering it, and you could start using them to make legitimate results higher in search results. This is easiest when you are first starting a project and can check availability before settling on a name.

The problem is that there are hundreds of TLDs so you're not going to be able to register them all. Simplex mentioned they reported the domain. If you do an ICANN lookup you can find an abuse email for the domain, which would be an email for the registrar. You can report to that email and it is likely they will remove the site. You can also go directly to the TLD and report abuse to them as well.

Beyond that search for your project every once and a while and see what comes up or what doesn't come up.