Most of us are Reddit refugees, and probably clicking more random links than we ever did before on websites we’ve never seen before. This whole experience feels like the old internet, but also throws up insane red flags with a modern internet perspective. What are the cybersecurity weaknesses we should all be looking for, and what are the best practices?

Here’s my reason for posting this. As I search for new communities across instances to follow, I sometimes end up clicking a link and I’m no longer logged in. In the corner, that could be a Sign In link or it could be phishing. It’s likely due to me not understanding how to properly navigate this system, but there’s nothing stopping someone from setting up a sight like this as far as I know.

Thoughts?

  • KoboldCoterie@pawb.social
    link
    fedilink
    English
    arrow-up
    67
    ·
    1 year ago

    If you’re navigating to another community on their instance, you won’t be logged in. When you’re seeing that, check the URL. If you’re on lemmy.ml, you’re still on your instance; if not, you’ve navigated to that instance.

    There’s multiple ways to structure links, some of which will take you to that community via your instance, some not.

    Could it be phishing? Sure. But far more likely, you’re just on another instance where you don’t have an account (or at least an active login).

    • Artemis@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      14
      ·
      1 year ago

      Do you mind giving a short explainer of proper link formatting? I was struggling with this just a little bit ago

      • KoboldCoterie@pawb.social
        link
        fedilink
        English
        arrow-up
        27
        arrow-down
        1
        ·
        edit-2
        1 year ago

        If you link directly to the full URL (including the instance), you’ll take anyone who clicks it to that instance, and they won’t be logged in. This is usually not what you want. Example: https://pawb.social/c/tech - This link will take you to my instance.

        If you remove the instance URL, and just leave /c/communityname@instance - for example, /c/tech@pawb.social - the link will still take you to the community, but you’ll still be on your instance. This is usually desirable.

        Basically, instance -> community = link to that instance. Community -> instance = link to the community in whatever instance the user clicks it in.

        You can also use ! instead of /c/ - I think this might work better for Kbin users (since they use /m/ instead of /c/ - can’t verify this). In that case, it’d be: !tech@pawb.social

        • Azzu@lemm.ee
          link
          fedilink
          English
          arrow-up
          27
          ·
          edit-2
          1 year ago

          I won’t get tired of posting this everywhere it applies :D

          I made this userscript, which rewrites all links everywhere (not only on Lemmy) to always point to your home instance. So the link in your comment actually looks like this to me:

          i.e. even though you tried to link to your instance, my script rewrote your link back to my instance so it’s working fine :D

          But of course I can still hover over the icon to see how your link originally looked:

          • Staden_ スタデン@pawb.social
            link
            fedilink
            English
            arrow-up
            6
            ·
            1 year ago

            Would be nice if third party apps implemented that functionality.

            Or if there were bots that automatically identify those external links and reply to them with a link to the community/post in other popular instances.

            • Azzu@lemm.ee
              link
              fedilink
              English
              arrow-up
              2
              ·
              1 year ago

              Why would or should this be a Firefox extension when it already runs perfectly well on Firefox?

              • h34d@feddit.de
                link
                fedilink
                English
                arrow-up
                1
                ·
                1 year ago

                I’m curious, is there an advantage of running a script over an add-on? Like is it faster or takes less resources? Or did you just happen to code it like that? Not complaining though, it’s been working great for me so far.

                • Azzu@lemm.ee
                  link
                  fedilink
                  English
                  arrow-up
                  3
                  ·
                  1 year ago

                  The advantage is I don’t have to learn how to build an addon. It just runs code which I already can write. There’s also the advantage that any browser can run JavaScript. Idk if any browser can run Firefox (or whatever) extensions.

                • Azzu@lemm.ee
                  link
                  fedilink
                  English
                  arrow-up
                  3
                  ·
                  edit-2
                  1 year ago

                  As soon as you’ve installed your preferred user script extension like Violentmonkey it’s as simple as installing addons, you just click the “install” link on the script’s page.

                  There are lots of different useful ones.

          • Serinus
            link
            fedilink
            English
            arrow-up
            1
            ·
            1 year ago

            If the domain is always the same (your home instance) then remove the domain from the display.

            Your example would be !tech@pawb.social

          • Artemis@sh.itjust.works
            link
            fedilink
            English
            arrow-up
            6
            arrow-down
            1
            ·
            edit-2
            1 year ago

            Okay I learned a few things, though they may be specific to Memmy.

            1. The /c/community@instance works, and opens the links in the app, rather than browser
            2. If you have text in front of your link, it doesn’t work. Might be a Memmy issue.
            3. I need to test, but I think #2 is responsible for the Null errors I’ve been getting when text is hyperlinked.

            Text testing #3 - confirmed, this returns the Null error.

            Now without prior text

            test - this also didn’t work

            test! - using a link beginning with ! Also didn’t work. Hmm.

            Edit from browser: Hyperlinked text isn’t working properly in Memmy

            • Bruce
              link
              fedilink
              English
              arrow-up
              4
              ·
              edit-2
              1 year ago

              I love the “show source” button which gives access to how the tests are made.

        • DeadlineX@lemm.ee
          link
          fedilink
          English
          arrow-up
          2
          ·
          1 year ago

          So just out of curiosity, since you’re the first person I’ve seen actually point out optimal linking with the ! Symbol, I have to ask how you pronounce it. For me, ! will always be “bang”, so I’m just curious what the pronunciation is.

          • KoboldCoterie@pawb.social
            link
            fedilink
            English
            arrow-up
            4
            ·
            1 year ago

            I use “Bang”, too, if I’m trying to verbally say it, though… that very rarely comes up. If I’m reading it, I don’t internally “pronounce” the symbol at all. If it was verbal, though, the above link would be bang tech at pawb dot social.

            • DeadlineX@lemm.ee
              link
              fedilink
              English
              arrow-up
              1
              ·
              1 year ago

              Thanks! That’s interesting. On Reddit I would internally ignore r/{sub} and I’d pronounce it in my head and out loud as sub. I think I’m just conditioned to be cognizant of !

              I suspect that the c/ notation will become more popular if we see a massive influx of Reddit users, and I’ve heard one of the instances (I think lemmy.world) doesn’t like the bang notation so that may also cause issues. Although if kbin uses m/ instead of c/ maybe will stay more popular. I’ve seen both but !community@instance seems most frequent.

        • SurpriseWaterfall@sopuli.xyz
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          Is there a similar way to handle linking to specific posts? I think all post urls are unique to that specific instance and I haven’t seen any way to do a translation between instances.

          • KoboldCoterie@pawb.social
            link
            fedilink
            English
            arrow-up
            1
            ·
            1 year ago

            I don’t believe there is, because as you note, post IDs are instance specific. I’d be very interested in knowing how to do it, too, though, if there is in fact a solution.

      • Inductor@feddit.de
        link
        fedilink
        English
        arrow-up
        14
        ·
        edit-2
        1 year ago

        As far as I know, there are a few different link formats, and how well they work depends on which frontend you’re using:

        EDIT: At least using the web app, the first link is relative, and the others are not. So I think the correct format would be /c/<community>@<instance> for communities outside your instance.

      • soupspoon@lemmy.world
        link
        fedilink
        English
        arrow-up
        3
        ·
        1 year ago

        The formatting !community@instance should let a user click through but still be logged in on their own instance, so that you can still read posts, vote and comment. If that doesn’t work, you can try entering that same thing into your instance search bar, or in your browser enter https://your instance/c/community@theirinstance

        It should all get a lot smoother as this platform is developed!

        I haven’t tried linking to a specific post on another instance, so I’m not sure of that formatting hmm

    • Scientician@waveform.socialOP
      link
      fedilink
      English
      arrow-up
      5
      arrow-down
      2
      ·
      1 year ago

      Like I said… Most likely legit, but these issues will arise. This whole Fediverse thing feels like the first big thing to happen for whatever comes next. Which is great, but it would be foolish to think scammers, with modern tools wont try to exploit it. We all have some internet hygiene to figure out.