On 11 Oct 2006 at 19:12, Carl Houseman wrote:

> Before tinyurl added this improvement, I guess they were
> "less-well-thought-through" also.

Just so and I wouldn't click-through a tinyurl link before they wised up, either.

> When it comes right down to it, you need to have certain protections in
> place and exercise good judgement regardless of the URL. A long URL to a
> known legit site doesn't guarantee that's where you'll end up. They could be
> hacked, or your DNS server could be poisoned. In most cases, the context
> surrounding the URL is a better indicator of whether clicking that URL is
> going to be beneficial or damaging.

Again, we go into the realm of good security practices. EVERYTHING you said about URLs you could as easily say about the URLs in phishing messages, but few people would argue that the anti-phishing machinery in virtually every email client is an unnecessary foolish thing (or back to my phrasing: that you'd argue that an email client that *DIDN'T* provide that kind of double-check for you was "well thought through").

The point is that with a sensibly set up URL-forwarding service, you have an extra level of protection and confirmation. You have the context, but if it were a phishing message it might well have fooled you, or perhaps you didn't read it carefully and absently clicked on the link... Providing a way station where you can see where you're *REALLY* going gives you another waystaing and strikes me as just-sensible security.

Consider that if phishers start using "snipurl" URLs in their offerings, that'll completely sidestep the anti-phishing machinery in your email client. Is that a good thing? Is a site that provides that kind of 'service' to folks trying to do harm to your system providing a well thought-through service? It is clear that zillions of folk [even if not you] bite on phishing messages all the time, and they're somewhat protected now by having email clients that help them out. But badly thought-through services, like snipurl, evade that and put them back at the same risk.

> So I try to avoid the "all or nothing" pitfall. Binary decisions are for
> computers, not humans.

I'm sorry, but that's what you have to make: either you click on the URL, and accept whatever happens, wherever it sends you, or you don't. At least with tinyurl I get *another*chance* to make sure I didn't make a mistake.. beyond "just the context" [which the phishers have shown they're *VERY* good at forging/faking], I also want to see the *actual* URL I'm going to go to.

  /Bernie\

--
Bernie Cosell                     Fantasy Farm Fibers
mailto:[EMAIL PROTECTED]          Pearisburg, VA
    -->  Too many people, too few sheep  <--

--
----------------------------------------
WIN-HOME Archives: http://PEACH.EASE.LSOFT.COM/archives/WIN-HOME.html
Contact the List Owner about anything: [EMAIL PROTECTED]
Official Win-Home List Members Profiles Page
http://www.besteffort.com/winhome/Profiles.html
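The "way station" check argued for in the message above, sketched as an added example (not part of the original message and not the code of any service it names): read only the redirect headers of a short link, list every hop, and compare the final host with the host the surrounding context claims. The hosts, the captured responses and the function names are constructed for illustration; in real use `fetch_headers` would issue a request that does not follow redirects.

```python
from urllib.parse import urljoin, urlsplit

# Constructed sample data: raw HTTP responses keyed by URL (placeholder hosts).
CAPTURED = {
    "http://short.example/ab12":
        "HTTP/1.1 301 Moved Permanently\r\nLocation: http://hop.example/r?id=7\r\n\r\n",
    "http://hop.example/r?id=7":
        "HTTP/1.1 302 Found\r\nlocation: //unrelated.example/login\r\n\r\n",
    "http://unrelated.example/login":
        "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n",
}

def parse_redirect(raw):
    """Return the Location value if the response is a 3xx redirect, else None."""
    head = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    status = int(head[0].split()[1])
    if not 300 <= status < 400:
        return None
    for line in head[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == "location":   # header names are case-insensitive
            return value.strip()
    return None

def preview(url, fetch_headers, max_hops=5):
    """Walk redirects by headers only; return every URL seen, final one last."""
    chain = [url]
    while len(chain) <= max_hops:
        target = parse_redirect(fetch_headers(chain[-1]))
        if target is None:
            return chain                          # final page is never fetched or rendered
        nxt = urljoin(chain[-1], target)          # Location may be relative or scheme-relative
        if nxt in chain:
            raise ValueError("redirect loop at " + nxt)
        chain.append(nxt)
    raise ValueError("too many redirects")

def host_matches(claimed_host, url):
    """True if the URL's host is the claimed host or a subdomain of it."""
    host = (urlsplit(url).hostname or "").lower()
    claimed = claimed_host.lower()
    return host == claimed or host.endswith("." + claimed)

if __name__ == "__main__":
    hops = preview("http://short.example/ab12", CAPTURED.__getitem__)
    print(" -> ".join(hops))
    print("matches bank.example:", host_matches("bank.example", hops[-1]))
```

A check that looks only at the first URL sees `short.example` and nothing else; the mismatch with the claimed host only becomes visible once the chain is expanded.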
