Hacker News new | ask | show | jobs
by jeroenhd 48 days ago
Right! Let me check the URL before clicking the "confirm your account" link!

https://rt434.mjt.lu/lnk/GN2PVLyAIiUHuMqkGcjHkjkcRBtF/zJfB7p...

Oh wait, never mind. I guess I won't be signing up for electricity, then?

Also, the vast majority of people don't know that google.com and loginto-google.com aren't the same website, or that google.com.securesigning.net isn't real Google.

If your device gets busted by opening a URL, without any further confirmation or user interaction, your browser/camera app/third party app is broken.
2 comments
olyjohn 48 days ago
What's the point of confirmation or user interaction, when nobody knows how to read a URL, and they just click the goddamn accept button?
link
jeroenhd 47 days ago
The user doesn't need to know the exact URL to confirm an interaction they've just started.

The point of the confirmation is 10% account creation and 90% confirming that the user knows their own email address and can type it in correctly. That's actually more challenging to the wider audience than you might think.

link
alfanick 48 days ago
> Oh wait, never mind. I guess I won't be signing up for electricity, then?

You ~~will~~ should be picking up your phone and calling the electrical company to confirm and to tell them their links are nonsense. Couldn't bother with AI agent on phone, or 60 min waiting queue to a human? Fuck it, don't pay the bill, figure it out later.

link
xp84 48 days ago
This advice sounds like nonsense. CS has neither knowledge of what layers of enterpriseware has wrapped their links, nor the domains that software uses, nor any control over those decisions by software engineering or marketing (or perhaps even more removed, some third-party electricity account management platform that they buy as a service).

You certainly could operate on policies like this, but I think most people prefer to spend their time differently instead of arguing with strangers who don't have any way to solve your problem.

link
jeroenhd 47 days ago
Their customer support people don't know what I mean and they especially don't have any power to change this.

The problem isn't paying the bills (I can't recall the last time I ever needed to do that manually), the problem is that pretty much every service uses trackers and shorteners. The only way to opt out is to opt out of society.

Maybe I should, but this "read the link before you click" advice isn't just geared towards hardcore privacy advocates. It hasn't worked in ages. It also doesn't help that companies like Outlook rewrite links to make them redirect through their malware scanners as well.

link