Kevin RussellJul 6, 2023

WARNING: Phishing Attacks, HTML markup to hide urls, are now in Mastodon.

While Mastodon does not have markup to allow hiding urls, they share API with "friendica" and friendica ALLOW HIDING URLS.

And friendica accounts can post on Mastodon.
I have asked for a solution, none is forthcoming.

Click NO LINKS that come friendica. Be wary of links on Mastodon, as if Mastodon were "email" - without any protections.

Multiple reports of other fediverse branches allow hiding urls. No Clicking links

Show threadyuki - queen of the snowJul 6, 2023
@kevinrns so wait, are you worried about this kinda thing?
Example Domain

Show threadKevin RussellJul 6, 2023

@yukijoou

Hey look, "whatever the hell this fediverse branch is" can phish svams too.

Mastodon is a sloppy fucking mess. Security is a joke.

Do Not EVER CLICK Any Links On Mastodon.

#Mastodon Is Just As Safe As Email 👈

Show threadyuki - queen of the snowJul 7, 2023

@kevinrns running akkoma here, i assume pretty much all fediverse software will allow you to post such links though. and yeah, it’s “just as safe as emails”, it’s still just a fancy html editor after all, why would it be safer?

you’re still on the internet, i’d argue you’re still expected to follow basic security advice, like checking the url you’re going to when hovering, checking the url bar before entering any information, and using a context-aware password manager for all your logins that doesn’t autofill when the domain doesn’t match.

this kind of link customisation feature has been available on forums and online boards for decades at this point. some more modern internet discussion platforms seem to have removed it, which i think made some people forget, or just not learn, to use those other, safer, ways of ensuring the url you’re clicking on is what you expect. maybe mastodon should warn users with a pop-uo before opening such links? i don’t know, i’m not a ux designer, you can advocate for it upstream with whichever fediverse software you’re using if you want it tho, fedi is all about havibg options, after all

Show threadKevin Russell

@yukijoou

Did I answer this? The freedom to hide urls reminds me of the right to racist propaganda.

Let me phish! For freedom.

Jul 7, 2023 at 12:40amWeb
Show threadyuki - queen of the snowJul 7, 2023

@kevinrns well, this is the web, you are free to use extensions on your webbrowser that change that behaviour if you don’t like it. it seems far from the same as propaganda to me

if you’re just looking for excuses to be angry at something, i see no point in arguing further. if you really want change, i suggest advocating for it on the mastodon and other fediverse-compatible social network’s issue trackers

keep in mind though that this is an ability websites have had since the world wide web was invented at cern, and this is the first time i’ve heard it being compared to propaganda