paul, (edited )
@paul@oldfriends.live avatar

It's Not Safe to Click Links on X Twitter | Lifehacker

Because of the way Twitter link previews works, bad actors are using the user agent to redirect Twitter's link preview bot to a safe URL and human visitors to malicious sites

Note, any website can trick a bot and send a bot one place and users' browsers another place, so this isn't limited to just Twitter. Always trust the site you are going to.

https://lifehacker.com/tech/its-not-safe-to-click-links-on-x

radundtat,
@radundtat@berlin.social avatar

@paul Is Mastodon immune to this?

skobkin,
@skobkin@lor.sh avatar

@radundtat @paul
Most likely no.

Mastodon also tries to fetch link data to generate a preview. So if you just add several lines of code to fool Mastodon's crawler, it'll work here too.

I'm saying "most likely" because I hadn't time to check Mastodon source code, but it usually works this way.

paul,
@paul@oldfriends.live avatar

@skobkin @radundtat

Another Mastodon preview issue, Mastodon strips certain code from the text URL for the Preview URL. Many people complain that gift link articles only work at certain sites if you click the text link while the preview link takes you to one where the code has been stripped out. The NYT is one major link that does this

Random example here:
https://mastodon.social/@randulo/112133125516933892

Text link takes you to the gift version while preview takes you to the default article link

  • All
  • Subscribed
  • Moderated
  • Favorites
  • random
  • ngwrru68w68
  • DreamBathrooms
  • thenastyranch
  • magazineikmin
  • InstantRegret
  • GTA5RPClips
  • Youngstown
  • everett
  • slotface
  • rosin
  • osvaldo12
  • mdbf
  • kavyap
  • cubers
  • megavids
  • modclub
  • normalnudes
  • tester
  • khanakhh
  • Durango
  • ethstaker
  • tacticalgear
  • Leos
  • provamag3
  • anitta
  • cisconetworking
  • JUstTest
  • lostlight
  • All magazines
    •