-10

So I have been thinking this for a while, and I wanted to ask this on Meta, because this regards and applies to all Stack Exchange sites, not an individual one.

I want to know how we as a community or an individual can verify the integrity or safety of a hyper link posted in a Q/A or in a comment.

I think this issue needs some serious thought, as many of you may know, even visiting a hyper link can compromise device security and deploy malware, even if you exit immediately.

There are two situations that apply:

  1. Someone has a question relating to said hyper link, e.g, a computer virus question on Security SE, and includes the hyper link, for example this question includes a dangerous hyper link in the post.

This user has not meant any harm and explicitly states that this is related to their problems- if you common sense you wouldn’t click it- but if you accidentally clicked it- you could be in trouble.

Now I’m not suggesting banning hyper links or even banning bad hyper links, because they are very important.

  1. A new user signs up, makes up a convincing story, says [this] is a website or another post or anything, and then someone clicks it and gets a virus.

Obviously this user would then get removed, but they have accomplished their goal and can always make another account!

I just think this is something we should address.

Improve this question
4
  • 4
    This has already been discussed: Dealing with malicious links internally/externally
    – Sonic the Anonymous Hedgehog
    Commented May 11 at 7:43
  • Yes- but what about people posting them for security reasons- this is similar -thank you- but I wouldn’t say a duplicate.
    – security_paranoid
    Commented May 11 at 7:55
  • if you don't want a link to be clickable, wrap it in inline code something.
    – starball
    Commented May 11 at 10:42
  • 1
    So... I just checked the link from "for example", and apparently it's not "a dangerous hyper link", it's a legit Yandex link that redirects to the updated domain. I guess modern browsers warned that the link is dangerous because it's not HTTPS, but that's irrelevant because HTTPS doesn't mean the site is safe either :/
    – Meta Andrew T.
    Commented May 12 at 7:58

1 Answer 1

Reset to default
11

I want to know how we as a community or an individual can verify the integrity or safety of a hyper link posted in a Q/A or in a comment.

That is 100% on the individual. No one is forced to click a link. That rule doesn't go for just SE sites but for all links you find on the internet (or in your email, DMs etc.). And whether a link is "safe" might depend on where or who you are.

Even if you insist this needs to be addressed, I ask you: How and When?

How: What defines what a safe link is? Is there a database with OK-links? A database with blocked-links? I don't think such database exists. If you want to rely on human intelligence then my answer on Dealing with malicious links internally/externally applies.

When: Let's assume we solved the How, when do we verify? When the URL gets initially posted? That might be a fine URL now but gone haywire in 6 to 8 weeks. So we need to check on every page load if an URL is still safe? That would be a significant performance hit. And then we still have to deal with URLs in the API, SEDE or the datadump.

I'm not that worried about links. We're or should be living in a time where we understand that using the internet comes with inherent risks. Similar to go outside and participate in traffic: it is pretty unsafe but we manage to navigate those risks day in, day out.

If you want to be worried about accessing a Q/A I would look into images. We've had at least on instance where a bug in the Chrome browser was exploited in a zero-day fashion in a post. A specially crafted image crashed the browser. So loading the page was all it took to cause a Huh? moment for some users. A quick revision and redaction resolved that.

Make sure both you and your devices are up-to-date when it comes to security, threat vectors and mitigation. And when your cautionary usage of our sites notice something, please inform your fellow community members, be it a comment or a mod flag. Worst case you were over cautious, best case you prevented major mishaps.

Improve this answer
0

Not the answer you're looking for? Browse other questions tagged .