| HN Mirror

Y	Hacker News new \| ask \| show \| jobs

by smt88 2535 days ago

> Can you define often?

It doesn't matter. It could be 1 out of every million hits, but it's still a source of malware. Most of us don't upgrade to the latest browser version the minute it's released, which makes us vulnerable.

> ads network is a good vector but so is Hacker News

Uhh... what are you talking about? HN has minimal JS, and they wrote it. Some ad networks are injecting JavaScript into your browser that they have never seen before and didn't write themselves.

I may trust, let's say, NYT not to serve me malware with code they wrote in their offices, but NYT is not the entity that wrote the JavaScript delivered in their ads.

> have you ever not clicked on a link on any of theses platforms and looked at the URL first?

You seem to be arguing that hyperlinks are an attack vector, which assumes such a broad interpretation of "attack vector" that the word becomes meaningless. It's like saying that an airplane is an attack vector because it can fly you into a war zone. Yes, it can... but I get to choose where I'm going.

Regarding that choice: these platforms show you the domain you're clicking through to, so you have a chance to bail. And with an ad blocker, you don't have to be as afraid to visit a malicious site. I have JS and ad blocking on by default, and I whitelist a site when it seems trustworthy enough.

1 comments

dwild 2535 days ago

> It doesn't matter.

It does matter, you used the word often, that word has a meaning.

> Uhh... what are you talking about? HN has minimal JS, and they wrote it. Some ad networks are injecting JavaScript into your browser that they have never seen before and didn't write themselves.

You never click on the article link? That page can be anything, thus include any JS.

> I get to choose where I'm going.

Thus you check every link before clicking on it? I feel like that's not the case, but I would applaud you to be consistent if you do.

> And with an ad blocker, you don't have to be as afraid to visit a malicious site.

Ad blockers only block ads, not malicious JS. If you visit a website which include malicious JS, it's just as bad as an ad that contains malicious JS.

> I have JS and ad blocking on by default

Blocking JS that's a good way to stop malicious JS. Blocking ads then is redundant, what does it give you more?