eviks 4 days ago

If it's a known attack, Google has a known defence in its apps?

arx_ 4 days ago | parent [-]

Something being known doesn’t mean a solution exists.

Computing the set of Unicode characters that would result in a homograph of a Latin alphabet word is non-trivial. Now do this for relevant/trusted domains, now put in place a mechanism to mark a domain as trustworthy that also minimises your liability.

eviks 4 days ago | parent [-]

> Something being known doesn’t mean a solution exists.

But we aren't talking theory. In this case solutions exist, just not in this app?

Also, the triviality point is puzzling, are we only allowed to criticize professionals for trivial fails? (though using a different font is one of the trivial mitigations)

> that also minimises your liability.

How is that a factor, what is their liability now without any mechanism and will it increase if they add some?
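
An added illustration of the check discussed in this thread, not code from any commenter or from Google: a link's domain is folded to a Latin "skeleton" and compared against a trusted list, with a mixed-script test as a fallback. The look-alike map, the `TRUSTED` list and all function names are constructed for this example; a production check would use Unicode's confusables.txt (UTS #39) and real script properties.

```python
import unicodedata

# Constructed, deliberately tiny look-alike map. A real deployment would load
# Unicode's confusables.txt (UTS #39) instead of this hand-picked subset.
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",  # Cyrillic
    "\u0441": "c", "\u0443": "y", "\u0445": "x", "\u0456": "i",  # Cyrillic
    "\u03bf": "o",                                               # Greek omicron
}
TRUSTED = {"apex.example"}  # hypothetical allowlist of protected names

def to_unicode(label):
    """Decode an ACE ('xn--') label so the check sees what a user would see."""
    if label.startswith("xn--"):
        try:
            return label[4:].encode("ascii").decode("punycode")
        except UnicodeError:
            return label
    return label

def scripts(label):
    """Approximate each letter's script by the first word of its Unicode name."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in label if ch.isalpha()}

def skeleton(label):
    """Fold known look-alikes to Latin after NFKC normalisation and lowercasing."""
    folded = unicodedata.normalize("NFKC", label).lower()
    return "".join(CONFUSABLES.get(ch, ch) for ch in folded)

def classify(domain, trusted=TRUSTED):
    """Return 'trusted', 'lookalike:<name>', 'mixed-script' or 'unknown'."""
    labels = [to_unicode(l) for l in domain.lower().split(".")]
    if ".".join(labels) in trusted:
        return "trusted"
    skel = ".".join(skeleton(l) for l in labels)
    if skel in trusted:
        return "lookalike:" + skel
    if any(len(scripts(l)) > 1 for l in labels):
        return "mixed-script"
    return "unknown"

if __name__ == "__main__":
    # Constructed samples: genuine name, all-Cyrillic spoof, mixed-script label.
    for d in ["apex.example", "\u0430\u0440\u0435\u0445.example", "ex\u0430mple.example"]:
        print(repr(d), "->", classify(d))
```

The all-Cyrillic sample contains a single script, so a mixed-script test alone passes it; only the skeleton comparison against the trusted list flags it.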