- Thacker Thoughts
- Posts
- 2 New Posts! Domain names for Hacking and AI Safety!
2 New Posts! Domain names for Hacking and AI Safety!
Joseph Thacker
September 08, 2025
Hey there,
I spent some time this week on two completely different rabbit holes that I think you'll find interesting.
1. The Hunt for Ultra-Short Domains
I wrote about a time earlier this year when I went down a six-hour rabbit hole trying to find the shortest possible domain for XSS payloads.
Some domains have different ASCII vs Unicode character counts. For example, rad.pw has 5 ASCII characters but only 2 Unicode characters (㎭.㎺). I even found domains like 2.st (3 ASCII, 2 Unicode) but they cost €1500.
I built a small Unicode character reduction tool that you can use if you want.
Browserbase 🤝 Cloudflare (sponsored)
Browserbase just released Web Bot Auth with Cloudflare. It's a cryptographic passports that let AI agents prove they're not malicious bots.
This is an awesome step forward because we were rapidly moving towards an internet where everything was closed, as people pushed back against bot-scraping. And, I think this is one step towards Agent-Based Auth, which we'll need super soon.
Check it out here: Browserbase Partners with Cloudflare
2. AI Safety Reality Check for Parents
It hit me that AI models aren't safety-tuned for kids. They're designed for reasonable adults, so I wrote about that and I think you’ll find it interesting 🙂
P.S. I might be building something in this space.
That's it! Have a great week!
Thanks for being on the email list! 😊 If you like this content, I’d love if you invited someone to join it or to follow me.
 | Joseph Thacker (rez0) |