Author

Topic: Proposal: Adding grey underline in every links (Read 539 times)

legendary
Activity: 2730
Merit: 7065
i was just looking for some risks and possible threat to someone's btt profile ! i found this! as an android user (not sure about ios devices) it's so much hard to identify the difference! I don't use the btt often so it's so much hard for me to detect! is there any solution to this? like filtering out the phishing site and ban them from btt? so that no one could use that link in btt forum and get a warning for using them
If you can't even see the link because it's hidden somewhere in the post, it's unlikely you would even click on it. How would it even happen? You would have to click on every word, character, and empty space to find the hidden hyperlink. No one does that.

If Bitcointalk had some sort of database with known phishing links, it would need to be a work in progress that has to be constantly updated and maintained by someone. Hackers, scammers, and thieves aren't resting and are creating new sites and ways to attack people daily. If the forum banned sites 1-100, they can just create new ones.

Besides, there already is some sort of script that recognizes unwanted links and domains. I have seen links being broken with the message "suspicious link removed". 
sr. member
Activity: 1008
Merit: 366
i was just looking for some risks and possible threat to someone's btt profile ! i found this! as an android user (not sure about ios devices) it's so much hard to identify the difference! I don't use the btt often so it's so much hard for me to detect! is there any solution to this? like filtering out the phishing site and ban them from btt? so that no one could use that link in btt forum and get a warning for using them
legendary
Activity: 1554
Merit: 1139
This is a very good catch and just thinking of it, I can see so many ways this "bug" can be exploited and used to scam or steal accounts. Would not post them, as not to give anyone ideas, but a certain tag should be added so hyperlinks would be distinguished from the rear of the post.

Also, would it be possible to have a notification before opening links, sort of "are you sure you want to b redirected to..."
This would prevent inadvertently clicking on links, especially when you're on mobile.
Adhoc links or hyper-text-links is one forum programming that I like. You know, it states the links subject simply and it can be easily used in a way that, it blends with the sentence structure although yeah, as proposed by OP, it could be used to do some damages. Scammers who are phishing for whatever details are fully aware that, one is likely not to click on a suspicious link and as such would just go for an alternative in making a harmful link seem harmless by making it click bate and forum related enough to make users loose therr gaurd. I once saw a user whom reported right here in meta of an attempt by some other user to pish for his login details using adhoc or hyper text links through a pm.

I don't see how this can easily be abused for phishing. That's much easier by using a fake visible link: google.com.
I understand the scenario your trying to relate here, in relating to the fact that, the probability of users falling victim by clicking a hyper texted link within a wall of text is less than that of a link being simply stated out and that's true. That's really true but even at that, if we are to take a look at the operation of most ads these days, the 'x' and '>' symbols along with others have been known to skip the ads or pass and somehow, these guys have input that in there programming while the count down is still reading with the skip icon yet to be displayed. Where your attempt to skip ends up being you, clicking the redirecting page itself. Like, a whole page serving as a link. Same guys for the forum too. Some serious user might use his or her whole text as an adhoc link and your little attempt to keep your device brightness on by just clicking or taping your device screen, ends you in a redirecting pathway.
copper member
Activity: 2562
Merit: 2510
Spear the bees
User awareness and caution is so exhausting to manage. What about a welcome message, though?
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
If theymos put some restriction/limit on it, like signature space, It can be prevented. If I am not wrong, Only Legendary members' signatures space can use the background color. He can put some restrictions on coloring URLs, too (In my opinion, Coloring URLs should not be allowed for anyone) like Signature space.
What's with people asking for more and more restrictions all the time? Eddie13 sums it up nicely:
Should never have put the temporary illusion of safety above personal liberty..
There are thousands of websites that restrict their users in all possible ways. I don't know any site that offers the same freedom as Bitcointalk. Cherish it, instead of trying to turn it into all the other sites.

Don't forget the forum's mission:
the forum's mission to be as free as possible.
If your safety depends on the color of a link on the internet, maybe the internet isn't for you.
sr. member
Activity: 476
Merit: 523
That's much easier by using a fake visible link: google.com.

In my opinion, This is more dangerous than OP mentioned. If I hover over the link, I know I can see the original link on your screen's bottom-left corner. But, This is another easy way to make people fool.

No it doesn't work, either green or blue URLs will be changed to forum's background color. So you can't differentiate the URLs is Bitcointalk URLs or non Bitcointalk URLs.

Another change can prevent it. If theymos put some restriction/limit on it, like signature space, It can be prevented. If I am not wrong, Only Legendary members' signatures space can use the background color. He can put some restrictions on coloring URLs, too (In my opinion, Coloring URLs should not be allowed for anyone) like Signature space. Still, I believe your suggestion is easier to implement.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
Also, would it be possible to have a notification before opening links, sort of "are you sure you want to b redirected to..."
This would prevent inadvertently clicking on links, especially when you're on mobile.
If this gets implemented, I'd appreciate a "don't ask me again" checkbox. Kinda like the "delete post" button: if I click it normally, there's a popup, but if I click it with my middle mouse button (to open in a new tab), it doesn't ask me anything and just deletes the post.
legendary
Activity: 2730
Merit: 7065
If yes, that means one can be wearing signature of a company and still be promoting his personal signature through hiding links.
Maybe. But don't forget that signature space is limited. Chances are that most of that character space is already lost because of the sig you are wearing, so you won't be able to do much with what remains. One way around it is if a Hero/Legendary would wear a sig for a Member/Full Member, which leaves him with enough room to include other things in his signature space.

Good campaign managers surely check if there are additional lines and entries in the signature that shouldn't be there. It's against the rules to have that.
Here is just one example:

7. Adding additional lines into your signatures is not allowed.
 
hero member
Activity: 1134
Merit: 643
BTC, a coin of today and tomorrow.
Using this to spread phishing or malware links isn't really the best way to do it. Think about it. If you wanted to share something malicious, your goal is to have as many people click on that link as possible. You can't click on something you don't even know is there and if you don't even see it unless you come across it by mistake like when quoting a post the way you did.

But the possibility to take advantage of it is definitely there and if theymos can quickly fix that, I hope he does.
+1
I thought about this immediately after reading OP. The essence of spreading phishing links is to have victims click on it as many times as possible or as fast as possible.
Phishing links I know are not invisible traps set and waiting to catch even if one person in one year. Phishing sites come with some baits to enable it catch many victims within a short possible time.
Hiding a Phishing link with the forum background color will yield no much results because I don't see myself clicking every word or blank spaces.
This will work unless there is a kind of SEO optimisation the spreader wants through the link. Does it really work that way?
If yes, that means one can be wearing signature of a company and still be promoting his personal signature through hiding links.
legendary
Activity: 1624
Merit: 2594
Top Crypto Casino

Also, would it be possible to have a notification before opening links, sort of "are you sure you want to b redirected to..."
This would prevent inadvertently clicking on links, especially when you're on mobile.
Totally support this, I access Bitcointalk mostly with a mobile phone and I can testify that there are times when I want to scroll and I mistakenly touch a link and it opens right away without any kind or form of warning, and when this happens, I have to press the back button to return back to the page I was before.
There are times too when If I want to zoom the content of the page to enable me see the words clearly, the above happens too.

Exactly. On mobile platforms you can accidentally activate hidden links upon random tapping on blank spaces. That's a lot easier to abuse than on a desktop computer. But this is unfortunately true for all websites as well.

I personally support the idea of having a notification or pop-up for all external links on the forum.
legendary
Activity: 2422
Merit: 1083
Leading Crypto Sports Betting & Casino Platform

Also, would it be possible to have a notification before opening links, sort of "are you sure you want to b redirected to..."
This would prevent inadvertently clicking on links, especially when you're on mobile.
Totally support this, I access Bitcointalk mostly with a mobile phone and I can testify that there are times when I want to scroll and I mistakenly touch a link and it opens right away without any kind or form of warning, and when this happens, I have to press the back button to return back to the page I was before.
There are times too when If I want to zoom the content of the page to enable me see the words clearly, the above happens too.

Introducing a pop up warning notification before opening a link will be really helpful, I believe this won't be to difficult to implement since we already since we already have a similar pop up whenever we click the "watch" topic or "unwatch" topic button, similar pop up can be built to come up when links are clicked too.
legendary
Activity: 2114
Merit: 2248
Playgram - The Telegram Casino
I don't see how this can easily be abused for phishing. That's much easier by using a fake visible link: google.com.
I'm not sure how easy or practical this would be, but one way I can see this done is if a user creates a phishing link hidden in the post which will redirect to a fake forum log in page. If a users clicks on a link deliberately to take them there, they would be fairly certain it's a phishing link, but if they do not do so and just get redirected, that could be mistaken as a forum pop up which wants to confirm their password.

Regular members should easily spot this, but I wouldn't know for those who've not been here for a while.
legendary
Activity: 2310
Merit: 4085
Farewell o_e_l_e_o
It sounds a nice proposal to improve the interface of the forum for hyperlinks in particular.

However, you should know an important point that the forum is run on SMF software that is difficult to make improvement with coding and some requirement can be impossible with SMS. It is what theymos said when people ask about the Epochtalk development progress (new forum software childboard) and in the meantime, ask for changes in this forum.

I think your request can be done by theymos because he does it for Merit (green highlight) so he can do the same for hyperlink.

But you can ask BPIP team (suchmoon ie.) to add it into their BPIP extension.
copper member
Activity: 1652
Merit: 1901
Amazon Prime Member #7
So it appears the OP has found a way to hide the fact that there is a link within a post.

If all links were to look a certain way, someone could simply format their post to hide any links in their post. Although, forcing a link to look a certain way would make any hidden links stand out more.

I think the main reason why someone would want to hide the fact they are posting a link is for black-hat search result reasons (aka backlink spam). However much of the backlink spam is already more or less nonsense and these types of spammers do not need their posts to be up for very long.
legendary
Activity: 2730
Merit: 7065
Using this to spread phishing or malware links isn't really the best way to do it. Think about it. If you wanted to share something malicious, your goal is to have as many people click on that link as possible. You can't click on something you don't even know is there and if you don't even see it unless you come across it by mistake like when quoting a post the way you did.

But the possibility to take advantage of it is definitely there and if theymos can quickly fix that, I hope he does.

Also, would it be possible to have a notification before opening links, sort of "are you sure you want to b redirected to..."
This would prevent inadvertently clicking on links, especially when you're on mobile.
+1
Only for external links though. There is no need for that if the link redirects you to a different forum post.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
I see there's a hidden hyperlink on his post.
Use Report to moderator. In this case, because there's only one post with a spam link, I typed:
That's hidden hyperlink isn't harm anyone
The harm is done by spambots that create many accounts to spam useless posts for backlinks.

Quote
The main reason why I proposed this because I've seen so many people trapped into phishing sites
I don't see how this can easily be abused for phishing. That's much easier by using a fake visible link: google.com.

There was a time when every HTML link in the internet was blue underlined. Those were the days Cheesy
Most sites remove it because it looks better without all the bling.
mk4
legendary
Activity: 2870
Merit: 3873
Paldo.io 🤖
Quite surprising how after a decade, this proposal has been made just now. Though it's really funny how people (I'm guessing blogging beginners) who do this loophole or "trick" as if it actually helps them SEO-wise, because it really doesn't. Especially knowing that a lot of the links that these people spam here aren't even bitcoin/crypto related to start with.
hero member
Activity: 1148
Merit: 796
So its up to the user if he will proceed to access the URL or not since we can hovered it before clicking it.
No it doesn't work, either green or blue URLs will be changed to forum's background color. So you can't differentiate the URLs is Bitcointalk URLs or non Bitcointalk URLs.
Anyway thanks for the info.

Also, would it be possible to have a notification before opening links, sort of "are you sure you want to b redirected to..."
This would prevent inadvertently clicking on links, especially when you're on mobile.
I agree with your suggestion, however the cons of this feature is you need to spend more time to click "yes or no" option, some people might doesn't want it. Perhaps, it's can be an optional feature whether the user want to active it or not, I guess.
hero member
Activity: 1554
Merit: 880
pxzone.online
As far as i remember theymos had made a bitcointalk related URLs hovered with green color same with the underlined thing on the link. All non bitcointalk-related URLs are just ordinary either they put colors in it or not.
That feature is made to differentiate links and same with your reasons to avoid getting malware, phishing links and even scams. Accessing anything that is NON bitcointalk-related URLs are considered as risky and might steal device data and etc.
So its up to the user if he will proceed to access the URL or not since we can hovered it before clicking it.

Edit: Heres the thread of theymos im referring to https://bitcointalksearch.org/topic/green-hover-color-for-bitcointalkorg-links-1432118
legendary
Activity: 2114
Merit: 2248
Playgram - The Telegram Casino
This is a very good catch and just thinking of it, I can see so many ways this "bug" can be exploited and used to scam or steal accounts. Would not post them, as not to give anyone ideas, but a certain tag should be added so hyperlinks would be distinguished from the rear of the post.

Also, would it be possible to have a notification before opening links, sort of "are you sure you want to b redirected to..."
This would prevent inadvertently clicking on links, especially when you're on mobile.
hero member
Activity: 1148
Merit: 796
This thread was created when I stumbled this post, first I think his post is normal and doesn't have anything suspicious since there's nothing different in my eyes e.g. font size, font color, links etc. I wanted to reply his post, so I have to quote his post, then I see there's a hidden hyperlink on his post. A normal link or hyperlink will shown with pastel blue color, but since he's using black color on his link, no one will noticed it except we quoting his post or hovering our pointer to each words of his post. That's hidden hyperlink isn't harm anyone, but I'm thinking in the future there will be scammer might using this method to scam anyone.

Since we can change our font color with any color, then I tested out to change the font color with the bitcointalk's background. It worked!

Apocollapse <- A word colored with forum's background color (#ecedf3)
Code:
[color=#ecedf3]Apocollapse[/color]


My next experiment is using forum's background color and hyperlink.

Apocollapse <- A word colored with forum's background color and hyperlink
Code:
[url=https://bitcointalk.org][color=#ecedf3]Apocollapse[/color][/url]
In this version, you can still see a difference when you're hovering your pointer to the exact word, there's a black underline.


Now what if I'm combining the forum's background color, hyperlink and underline?

Apocollapse <- A word colored with forum's background color, hyperlink, and underline.
Code:
[url=https://bitcointalk.org][color=#ecedf3][u]Apocollapse[/u][/color][/url]
In this version, if you didn't really pay attention you wouldn't noticed there's a hidden hyperlink since there's no black underline show up even you've hovering your pointer. This because if you change the font color, both of underline and strikethrough color will follow the exact font color too, it looks invisible.

Apocollapse
Apocollapse

If you're using PC to open this forum, you can still see the link show up on bottom left corner, however if you're using phone you can't (but you can press and hold to see the link). Dragging the whole post or quote is the only way to see the hidden words and hyperlinks.

This trick can be worse if someone use it on the blank spot between each paragraph/sentence, anyone wouldn't notice since it looks like a normal text, below is the example:

"Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Volutpat sed cras ornare arcu dui vivamus. Nunc sed velit dignissim sodales. Urna id volutpat lacus laoreet non curabitur gravida arcu. Sociis natoque penatibus et magnis dis parturient montes nascetur ridiculus. Tortor at risus viverra adipiscing at in tellus integer. Nunc non blandit massa enim nec dui nunc mattis. Faucibus et molestie ac feugiat. Pharetra massa massa ultricies mi quis hendrerit dolor magna eget. Nunc consequat interdum varius sit amet. At varius vel pharetra vel. Porttitor lacus luctus accumsan tortor posuere ac ut consequat.
Id velit ut tortor pretium viverra. Maecenas volutpat blandit aliquam etiam erat velit scelerisque in. Vestibulum lectus mauris ultrices eros in cursus. Porta non pulvinar neque laoreet suspendisse interdum consectetur.
Diam quam nulla porttitor massa id neque. Nibh mauris cursus mattis molestie a iaculis at. Sagittis aliquam malesuada bibendum arcu vitae elementum curabitur. Montes nascetur ridiculus mus mauris vitae ultricies leo. Cursus eget nunc scelerisque viverra. Enim neque volutpat ac tincidunt. At varius vel pharetra vel turpis nunc eget lorem dolor. In est ante in nibh mauris cursus mattis molestie a. Integer quis auctor elit sed vulputate mi sit. Adipiscing enim eu turpis egestas pretium aenean pharetra magna ac. Cras semper auctor neque vitae. Ultrices eros in cursus turpis massa tincidunt dui. Massa tincidunt nunc pulvinar sapien et ligula ullamcorper. Morbi tristique senectus et netus et malesuada. Eget nunc lobortis mattis aliquam faucibus purus in. Hendrerit gravida rutrum quisque non. Id diam vel quam elementum pulvinar etiam. Mollis nunc sed id semper risus in hendrerit gravida rutrum.
Sed viverra ipsum nunc aliquet bibendum enim facilisis gravida. Nulla porttitor massa id neque aliquam vestibulum morbi. Feugiat pretium nibh ipsum consequat nisl.
Ac turpis egestas sed tempus urna et pharetra. Tellus integer feugiat scelerisque varius morbi enim nunc faucibus a. Dictum non consectetur a erat nam at lectus. Ridiculus mus mauris vitae ultricies leo. Id venenatis a condimentum vitae sapien pellentesque habitant morbi. Praesent elementum facilisis leo vel fringilla. Leo in vitae turpis massa sed elementum tempus egestas sed. Tincidunt eget nullam non nisi. Platea dictumst quisque sagittis purus sit. Interdum velit laoreet id donec ultrices tincidunt arcu non. Curabitur vitae nunc sed velit dignissim sodales. Ut etiam sit amet nisl purus in. Purus sit amet luctus venenatis lectus magna fringilla urna. Sit amet luctus venenatis lectus. Elit eget gravida cum sociis natoque penatibus et magnis dis. Dictumst quisque sagittis purus sit amet volutpat consequat mauris nunc. Scelerisque fermentum dui faucibus in. Rutrum quisque non tellus orci ac. Mi sit amet mauris commodo quis imperdiet massa"

Code:
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Volutpat sed cras ornare arcu dui vivamus. Nunc sed velit dignissim sodales. Urna id volutpat lacus laoreet non curabitur gravida arcu. Sociis natoque penatibus et magnis dis parturient montes nascetur ridiculus. Tortor at risus viverra adipiscing at in tellus integer. Nunc non blandit massa enim nec dui nunc mattis. Faucibus et molestie ac feugiat. Pharetra massa massa ultricies mi quis hendrerit dolor magna eget. Nunc consequat interdum varius sit amet. At varius vel pharetra vel. Porttitor lacus luctus accumsan tortor posuere ac ut consequat.
[url=https://bitcointalk.org][color=#ecedf3][u]Id velit ut tortor pretium viverra. Maecenas volutpat blandit aliquam etiam erat velit scelerisque in. Vestibulum lectus mauris ultrices eros in cursus. Porta non pulvinar neque laoreet suspendisse interdum consectetur.[/u][/color][/url]
Diam quam nulla porttitor massa id neque. Nibh mauris cursus mattis molestie a iaculis at. Sagittis aliquam malesuada bibendum arcu vitae elementum curabitur. Montes nascetur ridiculus mus mauris vitae ultricies leo. Cursus eget nunc scelerisque viverra. Enim neque volutpat ac tincidunt. At varius vel pharetra vel turpis nunc eget lorem dolor. In est ante in nibh mauris cursus mattis molestie a. Integer quis auctor elit sed vulputate mi sit. Adipiscing enim eu turpis egestas pretium aenean pharetra magna ac. Cras semper auctor neque vitae. Ultrices eros in cursus turpis massa tincidunt dui. Massa tincidunt nunc pulvinar sapien et ligula ullamcorper. Morbi tristique senectus et netus et malesuada. Eget nunc lobortis mattis aliquam faucibus purus in. Hendrerit gravida rutrum quisque non. Id diam vel quam elementum pulvinar etiam. Mollis nunc sed id semper risus in hendrerit gravida rutrum.
[url=https://bitcointalk.org][color=#ecedf3][u]Sed viverra ipsum nunc aliquet bibendum enim facilisis gravida. Nulla porttitor massa id neque aliquam vestibulum morbi. Feugiat pretium nibh ipsum consequat nisl.[/u][/color][/url]
Ac turpis egestas sed tempus urna et pharetra. Tellus integer feugiat scelerisque varius morbi enim nunc faucibus a. Dictum non consectetur a erat nam at lectus. Ridiculus mus mauris vitae ultricies leo. Id venenatis a condimentum vitae sapien pellentesque habitant morbi. Praesent elementum facilisis leo vel fringilla. Leo in vitae turpis massa sed elementum tempus egestas sed. Tincidunt eget nullam non nisi. Platea dictumst quisque sagittis purus sit. Interdum velit laoreet id donec ultrices tincidunt arcu non. Curabitur vitae nunc sed velit dignissim sodales. Ut etiam sit amet nisl purus in. Purus sit amet luctus venenatis lectus magna fringilla urna. Sit amet luctus venenatis lectus. Elit eget gravida cum sociis natoque penatibus et magnis dis. Dictumst quisque sagittis purus sit amet volutpat consequat mauris nunc. Scelerisque fermentum dui faucibus in. Rutrum quisque non tellus orci ac. Mi sit amet mauris commodo quis imperdiet massa.


The main reason why I proposed this because I've seen so many people trapped into phishing sites, mostly the victim is a newbie, but a few old user can still tricked too. I did google and found some old threads of Bitcointalk's forum phishing before:
1. [BEWARE!] Bitcointalk Credential Phishing Attack -- Targeting Collectibles
2. ⚠️ BITCOIN-TALK FORUM PHISHING WEBSITE! BE AWARE!! ⚠️

I have visited another crypto forum built with SMF and all of the links posted have grey underline color, I guess this forum is possible to add this feature isn't? This what it looks after adding grey underline in every links:


Though you're using forum's background colors (#ecedf3 color for odd number post #1,#3,#5 etc and #f6f6f6 color for even number post #2,#4,#6 etc) anyone can still see a grey underline.
Jump to: