Just my $0.02 as a net/sysadmin for a small municipality in the US:
A big part of why we haven't been able/bothered to migrate to a proper .gov domain boils down to the amount of technical debt we'd need to pay back in the process of doing so. Everything that we do uses our non-.gov domain, namely our Office 365 connectors. On top of that, end users' day-to-day communications with the public make use of the existing domain. Modifying that in any capacity could prove disruptive to ongoing communications and potentially render them liable for dropping the ball somewhere. Not to mention that every single internet account ever created by staff using the current domain would need to be migrated or risk being lost forever.
Additionally, we're a small team. Only myself and one other individual would really have the technical knowledge to migrate our infrastructure. The opportunity cost involved would be massive. There are grants available to help us with this, but obtaining/using those can get complicated at times.
Ultimately, the pros just don't outweigh the cons enough to make a huge difference. From a purely academic angle, should we have a .gov TLD? Absolutely. In practice though, the residents and staff are familiar enough with the current one to render it a non-issue. The average non-technical user doesn't "see" "[municipality].[state].gov". They aren't familiar with the concept of a domain hierarchy at all. They just memorize "[municipality_website]" and move on with their day.
> They just memorize "[municipality_website]" and move on with their day.
I haven't even done that much; I couldn't tell you offhand the URL for my county government. I always just search in Google, which takes me right to the page I need (roads, solid waste, library, etc.).
> The average non-technical user doesn't "see" "[municipality].[state].gov". They aren't familiar with the concept of a domain hierarchy at all. They just memorize "[municipality_website]" and move on with their day.
That means they can easily be redirected to a phishing website.
Absolutely, and that's a risk that we carry, especially in the public sector. That being said though, I don't know if adopting a better-regulated domain is itself enough to alleviate that.
The very unfortunate reality is that many (most?) users evaluate phishing attempts with the null hypothesis that "this is trustworthy". They are looking for evidence that something is wrong and assuming all is well if they don't find it. To that sort of user, the thinking goes something like:
* Some trustworthy sites use .com.
* My municipality is trustworthy.
* My municipality uses .com.
If you draw out the Venn diagram, there's a clear gap in that line of thinking. That doesn't matter to someone's Great Aunt Linda though. She just knows that .com is what goes after Amazon and Google, so it must be good.
With that in mind, could using .gov help to protect those folks? To a certain extent. I can see the argument for keeping the more discerning few from getting scammed. For the broader group though, it won't change anything.
Offhand, the alternative solution that I'd offer would be providing clear communication standards to the public. Specifically, defining when, how, and from whom municipal notifications go out. Think of it like the IRS only sending physical letters; archaic as it seems, it makes it pretty obvious that an email "from them" is bogus. The clearer someone's understanding of where to find us is, the more optimistic I am that they'll get where they need to be.
Nah, even worse, they type “municipality” or some butchered typo of it into their browser, triggering a Google search, and click the very first link they see (sponsored or no) - so they can wildly easily be tricked into phishing websites.
Arguably we’re all victims of the decade or so when Google was so good at serving up the right site, so most people just got used to not knowing any URLs. People Google “YouTube” or “cnn” rather than type even the .com after those words.
IMO, poor website UX plays a big part in this too. People are far less likely to Google "[city] public works" if "public works" is a top-level menu item on the city website. When you first need to click a hamburger menu, hover over the "departments" entry, select "other departments", and then pick "public works" from the site header though, Joe Public is just going to do a search.
Yes, what really makes people like us cry is watching someone type in just the word Google into the ubiquitous search/URL bar, hit enter, click Google’s first result for Google which is google.com, then type “cnn.com” into the search field, hit enter, and then click an ad or result for CNN.
You say there are grants available, but given the current environment actually relying on those seems risky - even if you were actually to get the money up front it seems like it might get clawed back.
You are correct. This is a consideration at all levels of government currently, with faith in those grants' persistence varying based on an individual recipient's responsibilities.
> The average non-technical user doesn't "see" "[municipality].[state].gov". They aren't familiar with the concept of a domain hierarchy at all. They just memorize "[municipality_website]" and move on with their day.
You've just highlighted the problem. This is something every single human being in America should know, and arguably almost the entire world.
This falls directly under the rubric of Basic Computing Knowledge > Basic Internet Knowledge.
Every single time I see someone searching for "microsoft" or "apple" I immediately stop them and tell them, "You've already done most of the work. Microsoft and Apple are commercial entities. Add .com at the end, which is what .com means. Commercial. You're adding extra work for yourself."
Yes, a few people pop off at the mouth, at which point I remind them ignorance of a thing is easily remedied with a little give-a-damn, and saves everyone time and money.
Talk about a fucking miserable failure of education. I'm 44. I expected the generation 20 years younger than me to be impossibly skilled with computers to the point that I wouldn't hope to even match them, much less surpass them. Instead what we got was a world where we dumbed every goddamn thing down so even the most drooling moron can utilize it.
They should know the basic principles! For the same reason they should know what a noun and a verb is. For the same reason they should know that you can multiply something by 10 by adding a zero. When so much of our lives revolve around the Internet, basic literacy about its fundamental mechanics makes a lot of sense. The alternative is the world we live in now, where it’s trivially easy to scam people because they believe www.irs.gov.login.html.b3293.cn/login is functionally equivalent to www.irs.gov/login.html?b3293.cn
Imagine if people were this bad at counting, or at knowing the difference between US currency and Monopoly money.
> so much of our lives revolve around the Internet
This was my core point, that this is true for you but is not actually true for everyone. To claim the entire world needs to know this when people get by just fine every day without being online or being on a device is absurd to me.
I wasn’t only talking about nerds. There are not a lot of people anymore who are not impacted by the Internet and who don’t usually use it.
And they don’t get by just fine every day.
People get phished and scammed constantly, in many ways that could be prevented if people had and remembered like a 2-week unit in high school on how the Internet works.
I’m not saying they need to understand even the fact that DNS converts names to IP numbers. Merely that it’s a hierarchy and how to trace responsibility (originating from the right side).
That’s no more difficult to grasp (if taught properly) than how to read the address on an envelope and understanding that “San Francisco, California” means a city in San Francisco located in the state of California.
Other lessons in the unit would include how email works including its lack of guarantees of authenticity. And finally, what encryption means and applying that knowledge to safe and unsafe ways of storing and transmitting information.
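The right-to-left reading described in the comments above, applied to the two URLs quoted in the thread, as an added example that is not part of any commenter's post. The three-entry suffix set is a constructed stand-in for the Public Suffix List, and the function names are hypothetical.

```javascript
// Constructed stand-in for the Public Suffix List (assumption, not real data).
const SUFFIXES = new Set(["gov", "com", "cn"]);

// Parse the way a browser does. The thread's URLs carry no scheme, so add one.
function hostOf(urlString) {
  const withScheme = /^[a-z][a-z0-9+.-]*:\/\//i.test(urlString)
    ? urlString
    : "https://" + urlString;
  return new URL(withScheme).hostname.toLowerCase().replace(/\.$/, "");
}

// Read the labels from the right: the longest known suffix plus one more
// label is the name somebody registered and is responsible for.
function registrableDomain(urlString, suffixes = SUFFIXES) {
  const labels = hostOf(urlString).split(".");
  for (let i = 0; i < labels.length; i++) {
    if (suffixes.has(labels.slice(i).join("."))) {
      return i === 0 ? null : labels.slice(i - 1).join(".");
    }
  }
  return null; // unknown suffix: make no claim about ownership
}

// What a user does when they spot "irs.gov" somewhere in the address bar.
function naiveLooksLike(urlString, trusted) {
  return urlString.includes(trusted);
}

// Hierarchy check: the host must be the trusted name or sit underneath it.
function belongsTo(urlString, trusted) {
  const host = hostOf(urlString);
  return host === trusted || host.endsWith("." + trusted);
}

// The two URLs quoted in the thread.
const LOOKALIKE = "www.irs.gov.login.html.b3293.cn/login";
const GENUINE = "www.irs.gov/login.html?b3293.cn";

for (const u of [LOOKALIKE, GENUINE]) {
  console.log(u);
  console.log("  host:", hostOf(u));
  console.log("  responsible domain:", registrableDomain(u));
  console.log("  contains 'irs.gov':", naiveLooksLike(u, "irs.gov"));
  console.log("  under irs.gov:", belongsTo(u, "irs.gov"));
}
```

Both URLs pass the substring test, but only the second one has a host under irs.gov; everything after the first `/` or `?` is chosen by whoever runs the site and says nothing about who that is.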