In a report on emoji use in domain names, the SSAC explained that emoji are “visually similar and can be difficult to distinguish, especially when displayed in small fonts or by different applications, as no standard specifies exactly how they should be displayed”.
“Distinguishability is not a design consideration when creating a new emoji; ambiguity is acceptable.”
The SSAC said that ambiguities like this could increase the risk of user confusion when deployed in domain names. This could increase the chance of a user inputting the wrong emoji and reaching a phishing site, rather than their intended input.
Emoji can also be glued together or modified to change composition and colour, making it difficult for users who might not be able to detect colour differences, again increasing their chances of ending up on the wrong website.
“The whole point of an identifier is to specify something unambiguously—this thing, as distinct from all other things,” the SSAC said.
“To a user, a single unmodified emoji might look exactly the same as its ‘glued together’ counterpart, and systems that do not support emoji composition using a ZWJ will display the individual components of a ‘glued together’ emoji as a sequence of separate emoji, with results that may visually be very different from what was intended.”
“This is acceptable for interpersonal communication, particularly when it is augmented by shared context, but it is not acceptable for internet identifiers, particularly DNS root labels that must be unambiguously resolved independent of any context.”
The SSAC recommends that the ICANN board should reject any new TLD that includes an emoji.