The internet isn't safe.

We've been sleepwalking into disastrous negligence.

We all know it now, but we still haven't decided how to fix it.

We're under attack, on many fronts. Phishing, scams and dangerous content plague daily life. We have to be on high alert at all times to dodge threats.

It only takes a click to end up in danger, to land on a bad site. Why should this be the case?

In its early days, the internet was an alternative way of doing things. It was defined by not being the real world (or IRL).

But now, the internet is the definitive way of doing things. It is impossibly hard to live without it. It is the real world.

But we haven't brought people with us. It's a technocratic two-tier world of those who know how the internet works, and those who don't. Those of us who are not digital natives are especially vulnerable to attacks.

NSFW? The net's not safe for work, but also not safe for children, or for life.

Phishing, the attack which exploits brand trust and convinces you to provide credentials to a malicious actor, is the leading cyber attack.

The technology of the internet, the web and web browsers hasn't substantially changed since the 1990s. They are all underpinned by identifiers that don't work for people. URLs (web addresses), domain names, IP addresses. They're technically focused. They're not human friendly.

The internet is still a frontier. The web is a World Wild West.

Trust is under threat around the world. Trust in organisations and authorities is not guaranteed.

Trust is ever crucial in a world of uncertainty and danger. But gauging trust on the internet is ever demanding.

Compared with the physical world, the internet is a level playing field with equal opportunity for accessing and sharing pages and content. However, there is little expression of authority; it is hard to know who and what to trust.

With the web, the key trust indicator is the URL and the domain within. But anyone can register a domain name for little cost and use it in a malicious lookalike campaign to masquerade a brand of their choice or target specific users.

Users tend to find it hard to determine whether a site is official and legitimate. Too often, people accept the purported authority by way of the supposed brand, copycat design and the imposition of panic, and get phished.

Consider the URLs
"https://login·facebook·com" and
"https://login-facebook·com". So subtly different, but with massive trust implications. The former is on the official Facebook website, the latter is not on "facebook·com" but another domain entirely, and not an official Facebook domain.

Domains aren't always a perfect match for brands. It's about who purchases the domain registration first (and continues renewals). Aside: A company might have a trademark and this can help acquiring an existing domain but only if the company is older and they have the trademark before the domain in question!

It's not always possible for a company to get the most appropriate domain. Take the URL for Metro Bank in the UK: "https://www·metrobankonline·co·uk". The official domain looks less authentic than "metrobank·co·uk", which is not Metro Bank.

With exhaustion of the dot-com space in the domain name system (DNS), how are startups and newly established companies meant to get a perfect or even good domain?

Organisations also tend to use a number of domains for their various functions, and we've found that a significant number of sites, including banks, are hosting login and authentication on an entirely different domain to their main site. This is problematic for trust, and makes phishing and fraud easier.

How are we meant to know a URL corresponds to a brand? We try to remember domains and take a guess. This isn't good enough.

There's no verifiable pairing of domain names to official organisation names. We have search engines, but these are susceptible to abuse via results and ads.

So far, industry and institutions are reactive to threats, reactive to malicious websites; they are not proactive, not proactive to creating a safe space online.

We have piecemeal defences. We need a safety net for the internet.

We're not arguing for a dismantling of the current internet. The internet will still be available. But for most, a safe version of the internet will suffice.

Let's make an internet we're proud of, for generations to come.

An internet without violence.

An internet without explicit content.

A web without abuse.

A web without harm.

An enduring positive legacy for the internet.

A dream? It's not. It's already possible, if we want it. Let's join together and bring a safe internet into existence.

Why let previous inaction dictate the future?

We need a safety net.

We need a trusted internet.

A net with only safe, trusted websites.

A trustnet.

A net, not for some of us; for all of us.

Hooked for a new net? Say, scream and shout Make The Net Safe.

Join the movement and let's make the net safe.

In our online travels, we've collected examples of trust violations, instances where organisations break our trust assumptions and damage internet safety. We call them Trust Issues and you can read them here

PS. You can try what we think is a safer internet with the Epi link checker. Any website you land on, you can check it's safe.
Check a link

PPS. The founders of this movement work on Epi, an organisation indexing only safe websites, and building a safer online future. Read more