h4x0rr 17 hours ago

Anyone else feel like this will be abused for phishing and/or malware distribution?

kuschku 4 hours ago

It will be. We had the same issue with Matrix attachments.

bigfatkitten 10 hours ago

It'll take about 5 mins for that to happen and then for *.bsky.network to start getting blocked by Google Safe Browsing, Palo Alto, Bluecoat etc.

lazystar 17 hours ago

is there any hosting site that isn't? feels like a computing law at this point; if you build a hosting site, someone will try to use it for malicious purposes.

EGreg 16 hours ago

Can’t you just make the hosting site features only be for real purposes?

Like a link shortener which only forwards to a domain that matches the subdomain? Or only for watching videos and collecting metrics etc.

internetter 14 hours ago

Any file upload can be used for unintended purposes, e.g. encoding files into static to upload to YouTube and all other sorts of tomfoolery: https://github.com/boehs/awesome-cloud-storage-abuse

remram 17 hours ago

I don't see how. This is a direct link to the author's bluesky server (PDS) so of course it is controlled by them.

nicky0 an hour ago

The link in question (linked from the submitted link) is `porcini.us-east.host.bsky.network`. That's hosted by bsky, isn't it?

ndjdjddjsjj 13 hours ago

Phish could be this:

$inane_marketing_trope

...

Click here to Unsubscribe from Bluesky

https://porcini.us-east.host.bsky.network/xrpc/com.atproto.s...

...

Redirects to bad site.

remram 11 hours ago

As long as content is authored by the administrator of the server, I don't see where there is a security issue.

It's like if you point to your own Apache server in your own domain where you host a scam page and say there's a security issue with Apache because you could do that.

Or are you saying that you can make this person's server serve third-party content?

ndjdjddjsjj 8 hours ago

> Or are you saying that you can make this person's server serve third-party content?

HTTP: yes, see OP

Email: not sure. Hopefully not. But spoofing happens.

benatkin 16 hours ago

Lack of moderation combined with an official-sounding domain name.

This would have to get the user to follow a link or call a phone number or something though. These are plausible. It's too bad the content-security-policy can't prevent following links.

extraduder_ire 15 hours ago

Bluesky seems to use a lot of totally different domain names for each part of their infrastructure, maybe for this reason. e.g. this one is bsky.network

While they're nowhere close on volume, they're certainly beating Microsoft in terms of the rate they're adding similar-looking official URLs.

whywhywhywhy 3 hours ago

> bsky.network

Shortening your brand to 4 letters when your chosen TLD is the same length as your full brand name is such a weird choice.

tomrod 18 minutes ago

This is why you and I aren't in charge of marketing I reckon.

anon7000 14 hours ago

I mean, the way AT Proto is designed, moderation primarily happens on the app layer, not the protocol layer. So on an app like Bluesky, you can have a lot of moderation. But the protocol itself allows hosting arbitrary content in a distributed/decentralized way.

ineedaj0b 15 hours ago

hehehe. I pinned it to the top research ideas. I'll get back to you on this