As noted by security researcher Will Dormann, some posts on X purport to lead to a legitimate website, but actually redirect somewhere else. In Dormann’s example, an advertisement posted by a verified X user claims to lead to forbes.com. When Dormann clicks the link, however, it takes him to a different link to open a Telegram channel that is, “helping individuals earn maximum profit in the crypto market,” he said. In short, the “Forbes” link leads to crypto spam
You must log in or register to comment.
Lifehacker still exists?
Or you could end up in deep Xeet
Would be interesting to know whether this was possible using the old preview system, and we didn’t see it until now, or whether it’s something that arose as a result of the link preview overhaul that they did not that long ago.
Damn, a security researcher discovered what was known from late 1990’s/early 2000’s: a link on a webpage could take you in a place that it is not the one the link say it will be.
I get the knee-jerk jaded cynicism but this is a little more nuanced than that.
“All they have to do is set up two different URL destinations in their post. In the case outlined above, clicking the forbes.com link actually takes you to joinchannelnow.net. Once on this site, the server checks to see whether the request is coming from a typical browser (that’s you). If so, it’ll take you to the spam site, which for this situation is a crypto scam Telegram channel. However, if the server detects the request is coming from something else—like a X link-verifying bot—it’ll assume the request is not being made by a human; in these cases it returns a legitimate URL. So, even though the first link is to joinchannelnow, X checks it and is taken to forbes.com, and so it places that URL preview on the post. You’re experience will be different.”
I don’t even let my browser display embedded tweets anymore (via Privacy Badger). There are an odd amount of “news stories” that are just strings of embedded tweets.
But the way, is it possible to hide the PrivacyBadger placeholder too?
There are a couple options for the Widget Replacement feature, but the easiest way to hide it is probably with a uBlock Origin filter.
I mean, clicking links in any kind of comment/forum type place on the internet can be dicey, even if it is exactly what it says it is.
If you disagree, and the political standstill created by career politicians puts a sour taste in your mouth, visit www.lemonparty.org to find out more about how you can make a difference.
Thanks for the link, friend 🍋💦
I also appreciate the link. This will be my new favorite website now that the one about goat husbandry no longer exists.
Cool but I don’t care what happens to anyone on that platform.
Honestly, ANY platform that obscures links through redirection should be considered unsafe. If you can’t verify the target URL before you click the link, then you are asking trouble. Twitter and similar platforms do this so they can track you more effectively. (In the past it also served the purpose of shortening links to SMS-friendly lengths, but that ship sailed like 10 years ago.)
Not that visibility automatically would make it safe, but it is the bare minimum required as a starting point.
Closer to 15 years ago. Skype and WhatsApp (before the FB nonsense) were viable options to SMS as long as your friends were also using the same app.
Although, the viability also depended on the price you had to pay for the data. If it’s like 1.5 €/MB, sending snail mail suddenly seems like a very appealing alternative. Some time around 2003-2005 there was still one company that actually charged that much while all the competitors were switching to monthly packages or even unlimited plans. The price range was absolutely wild back then.
That’s true. I was referring specifically to Twitter’s SMS integration. I forget exactly when they increased the tweet size limit beyond what could be sent via SMS, but it was a long time ago. At first, SMS was a big part of Twitter’s success. People used Twitter on flip phones with no browser or apps. It was basically an SMS broadcast service.
was it ever?
Nope, but this is musk hate…not common sense.
You can replace X/Twitter with any platform that has users posting links and it doesn’t change. Discord? Steam? Sms? Signal? Facebook? Forums? Reddit?
there’s a difference if the platform in question replaces every link with their own tracking link lengthener which only later redirects where it should. at least twitter and yt does this, preventing you from seeing real destination. some places don’t
So… basically every platform and anyone who is has 1/2 a brain cell to rub together and hide a link?
Your mom?
Bots clicking on bots to get hacked by bots. I don’t see the issue here.
Twitter is such a shithole
I refuse to call Twitter X. It sounds like what an edgy teen would call a website and I also refuse to go along with anything an ass clown like elon wants.
deleted by creator
“Anymore”
As if it hasn’t always been a dumpster fire.
For a long time Twitter and Facebook were what you made them. When it was mostly personal acquaintances, and later tight communities, you had pretty good control over your experience. That was a long time ago at this point, but I wouldn’t say it was always a dumpster fire.
Facebook way back in the day was the shit. Everything was super private outside of groups which served as the public square. I haven’t found any federated platforms that come close. It might be seven or eight years now since I logged in.
Isn’t diaspora like that? They have a somewhat facebook-like interface and rely on ‘aspects’ to define how public or private something is. It is listed on the fediverse map, though it doesn’t use activitypub but a different protocol.
You can manually set things to be private, but I don’t know if there’s any way to set everything as private by default.
It has the problem with all Facebook alternatives where they feel like Twitter without post limits.
Sounds like an issue with pretty much all URL shortening/redirection services on any service.
Even if the link was legit when they posted it and always went to forbes (not that forbes is much more than blogspam these days), it might not be legit when you go to click on it.
It’s all just 3rd party tracking bullshit anyway. The modern internet is horseshit.
An article talking about redirecting links on a site that uses redirect links for sharing its own content. x dot cahm -> twitter dot cahm
It’s Not Safe to Click on X
Fixed
Even if X is just a placeholder for anything.
I once clicked on X and the whole window disappeared!
It’s Not Safe on X
Fixed
It’s Not Safe
Fixed
⠀
Fixed
If anyone thinks MAGA isn’t alive and well on lemmy, note that this comment was downvoted.
I don’t think anyone is particularly surprised that there are chuds wandering into Lemmy on occasion.
