This article has multiple issues. Please help improve it or discuss these issues on the talk page. (Learn how and when to remove these template messages)(Learn how and when to remove this template message)
In orthography and typography, a homoglyph is one of two or more graphemes, characters, or glyphs with shapes that appear identical or very similar. The designation is also applied to sequences of characters sharing these properties.
Synoglyphs are glyphs that look different but mean the same thing. Synoglyphs are also known informally as display variants. The term homograph is sometimes used synonymously with homoglyph, but in the usual linguistic sense, homographs are words that are spelled the same but have different meanings, a property of words, not characters.
In 2008, the Unicode Consortium published its Technical Report #36 on a range of issues deriving from the visual similarity of characters both in single scripts, and similarities between characters in different scripts.
A manifestation of homoglyphic confusion in a historical regard results from the use of a 'y' to represent a 'þ' when setting older English texts in typefaces that do not contain the latter character. It has led in modern times to such phenomena as Ye olde shoppe, implying incorrectly that the word the was formerly written ye //. For further discussion, see thorn.
Examples of homoglyphic symbols include the diaeresis and umlaut (both a pair of dots, but with different meaning, although encoded with the same code points) and the hyphen and minus sign (both a short horizontal stroke, but with different meaning, although often encoded with the same code point). Among digits and letters, digit 1 and lowercase l are always encoded separately but in many fonts are given very similar glyphs, and digit 0 and capital O are always encoded separately but in many fonts are given very similar glyphs. Virtually every example of a homoglyphic pair of characters can potentially be differentiated graphically with clearly distinguishable glyphs and separate code points, but this is not always done. Typefaces that do not emphatically distinguish the one/el and zero/oh homoglyphs are considered unsuitable for writing formulas, URLs, source code, IDs and other text where characters cannot always be differentiated without context. Therefore, ones that use a slashed zero, for example, are preferred for those uses.
0 and O; 1, l and I
Two common and important sets of homoglyphs in use today are the digit zero and the capital letter O (i.e. 0 & O); and the digit one, the lowercase letter L and the uppercase i (i.e. 1, l & I). In the days of mechanical typewriters there was very little or no visual difference between these glyphs and typists treated them interchangeably as keyboarding shortcuts. In fact, most keyboards did not even have a key for the digit "1", requiring users to type the letter "l" instead, and some also omitted 0. As these same typists transitioned in the 1970s and 1980s to being computer keyboard operators, their old keyboarding habits continued with them in their new profession, and became a source of great confusion.
Most current type designs carefully distinguish between these homoglyphs, usually by drawing the digit zero narrower and by drawing the digit one with prominent serifs. Early computer print-outs went even further and marked the zero with a slash or dot—leading to a new conflict involving the Scandinavian letter "Ø" and the Greek letter Φ (phi). The re-designing of character types to differentiate these homoglyphs, taken with the dwindling number of keyboard operators trained on mechanical typewriters, has seen a decline in these particular homoglyph errors. The degree in which two different characters appear the same to a given observer is called the "visual similarity".
Some other combinations of letters look similar, for instance rn looks similar to m, cl looks similar to d, and vv looks similar to w.
In certain narrow-spaced fonts (such as Tahoma), placing the letter c next to a letter such as j, l or i will create a homoglyph, such as cj cl ci (g d a).
When some characters are placed next to each other, seen together at a glance they give the visual impression of another, unrelated character. A more precise way of saying this is that some typographic ligatures can look similar to standalone glyphs. For example, the fi ligature (ﬁ) can look similar to A in some typefaces or fonts. This potential for confusion is sometimes an argument made against the use of ligatures.
The Unicode character set contains many strongly homoglyphic characters. These present security risks in a variety of situations (addressed in UTR#36) and have recently been called to particular attention in regard to internationalized domain names. One might deliberately spoof a domain name by replacing one character with its homoglyph, thus creating a second domain name, not readily distinguishable from the first, that can be exploited in phishing (see main article IDN homograph attack). In many fonts the Greek letter 'Α', the Cyrillic letter 'А' and the Latin letter 'A' are visually identical, as are the Latin letter 'a' and the Cyrillic letter 'а' (the same can be applied to the Latin letters "aeopcTxy" and the Cyrillic letters "аеорсТху"). A domain name can be spoofed simply by substituting one of these forms for another in a separately registered name. There are also many examples of near-homoglyphs within the same script such as 'í' (with an acute accent) and 'i', É (E-acute) and Ė (E dot above) and È (E-grave), Í (with an acute accent) and ĺ (Lowercase L with acute). When discussing this specific security issue, any two sequences of similar characters may be assessed in terms of its potential to be taken as a 'homoglyph pair', or if the sequences clearly appear to be words, as 'pseudo-homographs' (noting again that these terms may themselves cause confusion in other contexts). In the Chinese language, many simplified Chinese characters are homoglyphs of the corresponding traditional Chinese characters.
Efforts are underway by TLD registries and Web browser designers to minimize the risks of homoglyphic confusion to the fullest extent possible. Commonly, this is implemented by prohibiting names which mix character sets from multiple languages (toys-Я-us.org, using the Cyrillic letter Я, would be invalid, but wíkipedia.org and wikipedia.org still exist as different websites); Canada's .ca registry goes one step further by requiring names which differ only in diacritics to have the same owner and same registrar. The handling of Chinese characters varies; in .org and .info registration of one variant renders the other unavailable to anyone, while in .biz the traditional and simplified versions of the same name are delivered as a two-domain bundle which both point to the same domain name server.
Homoglyphs of all kinds can be detected through a process called 'dual canonicalization'. The first step in this process is to identify homoglyph sets, namely characters appearing the same to a given observer. From here, a single token is specified to represent the homoglyph set. This token is called a canon. The next step is to convert each character in the text to the corresponding canon in a process called canonicalization. If the canons of two runs of text are the same but the original text is different, then a homoglyph exists in the text.
- "UTR #36: Unicode Security Considerations". www.unicode.org.
- Helfrich, James; Neff, Rick (2012). Dual canonicalization: An answer to the homograph attack. eCrime Researchers Summit (eCrime), 2012.
- "Archived copy". Archived from the original on 2013-03-28. Retrieved 2013-03-29.
- "ICANN Email Archives: [idn-guidelines]". forum.icann.org.
|Look up homoglyph in Wiktionary, the free dictionary.|
- https://www.unicode.org/Public/security/latest/confusables.txt - recommended confusable mapping for IDN.