546

As noted by security researcher Will Dormann, some posts on X purport to lead to a legitimate website, but actually redirect somewhere else. In Dormann's example, an advertisement posted by a verified X user claims to lead to forbes.com. When Dormann clicks the link, however, it takes him to a different link to open a Telegram channel that is, "helping individuals earn maximum profit in the crypto market," he said. In short, the "Forbes" link leads to crypto spam

top 50 comments
sorted by: hot top controversial new old
[-] BedSharkPal@lemmy.ca 142 points 8 months ago

You mean twitter, it's called twitter.

[-] mp3@lemmy.ca 54 points 8 months ago* (last edited 7 months ago)

𝕏itter. In ~~spanish~~ (sorry, I was mistaken) some languages X sounds like sh, so it's Shitter now.

[-] Brewchin@lemmy.world 11 points 8 months ago

I always refer to it as Xitter or Xchan. I'm yet to encounter someone who doesn't know which fallen brand I'm referring to.

[-] ElJefe@lemm.ee 9 points 8 months ago

I’m sorry, what? Can you give some examples in Spanish where the letter x makes a sh sound?

[-] dontpanic@lemmy.blahaj.zone 4 points 8 months ago* (last edited 8 months ago)

I don’t speak Spanish (helpful eh?) but I remember when I was in Mexico I went to a cool place called Xel-Há, which was pronounced shell-ha. So there’s one.

[-] nyan@lemmy.cafe 23 points 8 months ago

I don't think that's Spanish. Nahuatl, which is an indigenous language spoken in Mexico, does use x- to transcribe the sound commonly written as sh- in English, so that's probably a Nahuatl place-name.

In the case of Xitter, though, the reference is generally to Mandarin Chinese, which uses x- to transcribe one of the two or three distinct sounds in that language that all sound like sh- to Anglophones.

[-] dontpanic@lemmy.blahaj.zone 4 points 7 months ago

That makes sense, thanks for teaching me something today :)

[-] criticon@lemmy.ca 5 points 8 months ago
load more comments (4 replies)
load more comments (4 replies)
[-] Pretzilla@lemmy.world 7 points 8 months ago
[-] Ignacio@sopuli.xyz 4 points 7 months ago

No, it doesn't.

Source: I'm from Spain.

load more comments (13 replies)
load more comments (2 replies)
[-] RatBin@lemmy.world 83 points 8 months ago

The best X to stay safe on X is to stop using X. Seriously, how many "final straws" are necessary before we all realize the place isn't worth visiting anymore? The spicy memes no longer justify the many, many flaws and risks.

.

[-] BearOfaTime@lemm.ee 16 points 8 months ago

"Anymore"

As if it hasn't always been a dumpster fire.

[-] GenderNeutralBro@lemmy.sdf.org 15 points 8 months ago

For a long time Twitter and Facebook were what you made them. When it was mostly personal acquaintances, and later tight communities, you had pretty good control over your experience. That was a long time ago at this point, but I wouldn't say it was always a dumpster fire.

load more comments (3 replies)
[-] GenderNeutralBro@lemmy.sdf.org 72 points 8 months ago

Honestly, ANY platform that obscures links through redirection should be considered unsafe. If you can't verify the target URL before you click the link, then you are asking trouble. Twitter and similar platforms do this so they can track you more effectively. (In the past it also served the purpose of shortening links to SMS-friendly lengths, but that ship sailed like 10 years ago.)

Not that visibility automatically would make it safe, but it is the bare minimum required as a starting point.

[-] Hamartiogonic@sopuli.xyz 14 points 8 months ago* (last edited 8 months ago)

Closer to 15 years ago. Skype and WhatsApp (before the FB nonsense) were viable options to SMS as long as your friends were also using the same app.

Although, the viability also depended on the price you had to pay for the data. If it’s like 1.5 €/MB, sending snail mail suddenly seems like a very appealing alternative. Some time around 2003-2005 there was still one company that actually charged that much while all the competitors were switching to monthly packages or even unlimited plans. The price range was absolutely wild back then.

[-] GenderNeutralBro@lemmy.sdf.org 10 points 8 months ago

That's true. I was referring specifically to Twitter's SMS integration. I forget exactly when they increased the tweet size limit beyond what could be sent via SMS, but it was a long time ago. At first, SMS was a big part of Twitter's success. People used Twitter on flip phones with no browser or apps. It was basically an SMS broadcast service.

[-] doublejay1999@lemmy.world 41 points 8 months ago

Cool but I don’t care what happens to anyone on that platform.

[-] pachrist@lemmy.world 31 points 7 months ago

I mean, clicking links in any kind of comment/forum type place on the internet can be dicey, even if it is exactly what it says it is.

If you disagree, and the political standstill created by career politicians puts a sour taste in your mouth, visit www.lemonparty.org to find out more about how you can make a difference.

[-] Thteven@lemmy.world 6 points 7 months ago

Thanks for the link, friend 🍋💦

load more comments (1 replies)
[-] KingThrillgore@lemmy.ml 28 points 7 months ago

It's Not Safe to Click on X

Fixed

[-] jwt@programming.dev 16 points 7 months ago

I once clicked on X and the whole window disappeared!

[-] CileTheSane@lemmy.ca 8 points 7 months ago
[-] I_Has_A_Hat@lemmy.world 5 points 7 months ago
load more comments (1 replies)
load more comments (3 replies)
[-] Bishma@discuss.tchncs.de 27 points 8 months ago

I don't even let my browser display embedded tweets anymore (via Privacy Badger). There are an odd amount of "news stories" that are just strings of embedded tweets.

[-] oce@jlai.lu 4 points 7 months ago

But the way, is it possible to hide the PrivacyBadger placeholder too?

load more comments (1 replies)
[-] n3m37h@lemmy.dbzer0.com 24 points 7 months ago

Twitter is such a shithole

[-] Holyginz@lemmy.world 10 points 7 months ago

I refuse to call Twitter X. It sounds like what an edgy teen would call a website and I also refuse to go along with anything an ass clown like elon wants.

[-] skillissuer@discuss.tchncs.de 23 points 8 months ago
load more comments (4 replies)
[-] OneStepAhead@lemmynsfw.com 23 points 8 months ago

Bots clicking on bots to get hacked by bots. I don’t see the issue here.

[-] ScruffyDucky@lemmy.world 21 points 8 months ago

Or you could end up in deep Xeet

[-] dynamojoe@lemmy.world 15 points 8 months ago

I need a firefox plugin that blocks Twitter. Not tweets from blue checkmarks, the whole damn site.

[-] AtmaJnana@lemmy.world 13 points 8 months ago

I have Nitter Redirect installed, but Nitter stopped working. So it just blackholes all X links. Some day I'll add them to my pihole, I guess.

[-] oce@jlai.lu 8 points 7 months ago

PrivacyBadger blocks embedded tweets, so since you're probably not going to visit the website itself, it should do the trick.

[-] Agrivar@lemmy.world 6 points 7 months ago

Plus, it has the added benefit of drawing attention to how many "articles" on other sites are just a long string of embedded tweets.

[-] 4am@lemm.ee 8 points 8 months ago

PiHole can block any domain you want. AdGuardHome has a handy switch in the UI that does it for you.

[-] Damage@feddit.it 12 points 8 months ago

Lifehacker still exists?

[-] gian@lemmy.grys.it 10 points 7 months ago

Damn, a security researcher discovered what was known from late 1990's/early 2000's: a link on a webpage could take you in a place that it is not the one the link say it will be.

[-] wagoner@infosec.pub 9 points 7 months ago

I get the knee-jerk jaded cynicism but this is a little more nuanced than that.

"All they have to do is set up two different URL destinations in their post. In the case outlined above, clicking the forbes.com link actually takes you to joinchannelnow.net. Once on this site, the server checks to see whether the request is coming from a typical browser (that's you). If so, it'll take you to the spam site, which for this situation is a crypto scam Telegram channel. However, if the server detects the request is coming from something else—like a X link-verifying bot—it'll assume the request is not being made by a human; in these cases it returns a legitimate URL. So, even though the first link is to joinchannelnow, X checks it and is taken to forbes.com, and so it places that URL preview on the post. You're experience will be different."

[-] Blackmist@feddit.uk 8 points 7 months ago

Sounds like an issue with pretty much all URL shortening/redirection services on any service.

Even if the link was legit when they posted it and always went to forbes (not that forbes is much more than blogspam these days), it might not be legit when you go to click on it.

It's all just 3rd party tracking bullshit anyway. The modern internet is horseshit.

[-] apfelwoiSchoppen@lemmy.world 6 points 8 months ago

An article talking about redirecting links on a site that uses redirect links for sharing its own content. x dot cahm -> twitter dot cahm

load more comments
view more: next ›
this post was submitted on 21 Mar 2024
546 points (96.7% liked)

Technology

59374 readers
3249 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS