As noted by security researcher Will Dormann, some posts on X purport to lead to a legitimate website, but actually redirect somewhere else. In Dormann’s example, an advertisement posted by a verified X user claims to lead to forbes.com. When Dormann clicks the link, however, it takes him to a different link to open a Telegram channel that is “helping individuals earn maximum profit in the crypto market,” he said. In short, the “Forbes” link leads to crypto spam.

    • m-p{3}@lemmy.ca
      62 up, 11 down · edited · 8 months ago

      𝕏itter. In Spanish (sorry, I was mistaken) some languages, X sounds like sh, so it’s Shitter now.

      • ElJefe@lemm.ee
        10 up · 8 months ago

        I’m sorry, what? Can you give some examples in Spanish where the letter x makes a sh sound?

        • dontpanic@lemmy.blahaj.zone
          5 up, 2 down · edited · 8 months ago

          I don’t speak Spanish (helpful eh?) but I remember when I was in Mexico I went to a cool place called Xel-Há, which was pronounced shell-ha. So there’s one.

          • nyan@lemmy.cafe
            24 up · 8 months ago

            I don’t think that’s Spanish. Nahuatl, which is an indigenous language spoken in Mexico, does use x- to transcribe the sound commonly written as sh- in English, so that’s probably a Nahuatl place-name.

            In the case of Xitter, though, the reference is generally to Mandarin Chinese, which uses x- to transcribe one of the two or three distinct sounds in that language that all sound like sh- to Anglophones.

            • DannyBoy@sh.itjust.works
              3 up, 1 down · 8 months ago

              Why didn’t they use a Spanish word when they started that settlement in pre-first century (according to Wikipedia) history?

              • drivepiler@lemmy.world
                3 up · 8 months ago

                The same reason half the state names in the US have indigenous origins, I suppose. Guess you’ll have to ask the colonizers.

                • DannyBoy@sh.itjust.works
                  5 up · 8 months ago

                  I was asking why the Mayan people didn’t choose a Spanish name when they founded Xelha thousands of years ago.

        • sholomo@lemmy.ml
          1 up · 8 months ago

          xoloitzcuintle, sometimes xcaret is pronounced as shcaret (not common tho)

        • Elsie@lemmy.ml
          2 up, 1 down · 8 months ago

          It’s mostly places that carry the sound from old Spanish, as most old Spanish words with X’s changed to J’s.

      • Brewchin@lemmy.world
        10 up · 8 months ago

        I always refer to it as Xitter or Xchan. I’m yet to encounter someone who doesn’t know which fallen brand I’m referring to.

      • Tiger Jerusalem@lemmy.world
        3 up · edited · 8 months ago

        Portuguese, people. X sounds like sh in Portuguese. So Xopping, xell, xelter and Xitter. Words in Portuguese where X sounds like sh: xarope, xerife, xícara.

      • FreshLight@sh.itjust.works
        3 up, 1 down · edited · 8 months ago

        Maybe you were thinking of “ix” which is pronounced “sh” in Spain e.g. when referring to “la caixa”, a bank. It refers to cash.

  • RatBin@lemmy.world
    81 up, 2 down · 8 months ago

    The best X to stay safe on X is to stop using X. Seriously, how many “final straws” are necessary before we all realize the place isn’t worth visiting anymore? The spicy memes no longer justify the many, many flaws and risks.

      • GenderNeutralBro@lemmy.sdf.org
        15 up · 8 months ago

        For a long time Twitter and Facebook were what you made them. When it was mostly personal acquaintances, and later tight communities, you had pretty good control over your experience. That was a long time ago at this point, but I wouldn’t say it was always a dumpster fire.

        • r3df0x ✡️✝☪️@7.62x54r.ru
          3 up · 8 months ago

          Facebook way back in the day was the shit. Everything was super private outside of groups which served as the public square. I haven’t found any federated platforms that come close. It might be seven or eight years now since I logged in.

          • LilaOrchidee@feddit.de
            2 up · 8 months ago

            Isn’t diaspora like that? They have a somewhat facebook-like interface and rely on ‘aspects’ to define how public or private something is. It is listed on the fediverse map, though it doesn’t use activitypub but a different protocol.

            • r3df0x ✡️✝☪️@7.62x54r.ru
              1 up · 8 months ago

              You can manually set things to be private, but I don’t know if there’s any way to set everything as private by default.

              It has the problem with all Facebook alternatives where they feel like Twitter without post limits.

  • GenderNeutralBro@lemmy.sdf.org
    69 up, 1 down · 8 months ago

    Honestly, ANY platform that obscures links through redirection should be considered unsafe. If you can’t verify the target URL before you click the link, then you are asking for trouble. Twitter and similar platforms do this so they can track you more effectively. (In the past it also served the purpose of shortening links to SMS-friendly lengths, but that ship sailed like 10 years ago.)

    Not that visibility automatically would make it safe, but it is the bare minimum required as a starting point.

  • pachrist@lemmy.world
    31 up, 1 down · 8 months ago

    I mean, clicking links in any kind of comment/forum type place on the internet can be dicey, even if it is exactly what it says it is.

    If you disagree, and the political standstill created by career politicians puts a sour taste in your mouth, visit www.lemonparty.org to find out more about how you can make a difference.

    • SupraMario@lemmy.world
      7 up, 15 down · 8 months ago

      Nope, but this is musk hate…not common sense.

      You can replace X/Twitter with any platform that has users posting links and it doesn’t change. Discord? Steam? Sms? Signal? Facebook? Forums? Reddit?

      • skillissuer@discuss.tchncs.de
        3 up · edited · 8 months ago

        there’s a difference if the platform in question replaces every link with their own tracking link lengthener which only later redirects where it should. at least twitter and yt do this, preventing you from seeing the real destination. some places don’t

        • SupraMario@lemmy.world
          1 up, 4 down · 8 months ago

          So… basically every platform and anyone who has 1/2 a brain cell to rub together and hide a link?

  • dynamojoe@lemmy.world
    15 up · 8 months ago

    I need a firefox plugin that blocks Twitter. Not tweets from blue checkmarks, the whole damn site.

    • AtmaJnana@lemmy.world
      13 up · 8 months ago

      I have Nitter Redirect installed, but Nitter stopped working. So it just blackholes all X links. Some day I’ll add them to my pihole, I guess.

    • oce 🐆@jlai.lu
      8 up · 8 months ago

      PrivacyBadger blocks embedded tweets, so since you’re probably not going to visit the website itself, it should do the trick.

      • Agrivar@lemmy.world
        5 up · 8 months ago

        Plus, it has the added benefit of drawing attention to how many “articles” on other sites are just a long string of embedded tweets.

    • 4am@lemm.ee
      7 up · 8 months ago

      PiHole can block any domain you want. AdGuardHome has a handy switch in the UI that does it for you.

  • gian @lemmy.grys.it
    16 up, 7 down · 8 months ago

    Damn, a security researcher discovered what has been known since the late 1990s/early 2000s: a link on a webpage could take you to a place that is not the one the link says it will be.

    • wagoner@infosec.pub
      9 up · 8 months ago

      I get the knee-jerk jaded cynicism but this is a little more nuanced than that.

      “All they have to do is set up two different URL destinations in their post. In the case outlined above, clicking the forbes.com link actually takes you to joinchannelnow.net. Once on this site, the server checks to see whether the request is coming from a typical browser (that’s you). If so, it’ll take you to the spam site, which for this situation is a crypto scam Telegram channel. However, if the server detects the request is coming from something else—like an X link-verifying bot—it’ll assume the request is not being made by a human; in these cases it returns a legitimate URL. So, even though the first link is to joinchannelnow, X checks it and is taken to forbes.com, and so it places that URL preview on the post. Your experience will be different.”
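Added example, not part of the thread or the quoted article: a defender-side check for the behaviour quoted above, resolving a link once with a browser-like User-Agent and once with a bot-like one and comparing both landing hosts with the host the post displays. The User-Agent strings, the `spam-channel.example` destination and `simulated_fetch` are constructed for illustration; `http_fetch` is the live equivalent.

```python
import http.client
from urllib.parse import urljoin, urlsplit

# Constructed User-Agent strings: one browser-like, one bot-like.
PROBE_AGENTS = {
    "browser": "Mozilla/5.0 (X11; Linux x86_64; rv:124.0) Gecko/20100101 Firefox/124.0",
    "preview-bot": "ExamplePreviewBot/1.0",
}
REDIRECTS = (301, 302, 303, 307, 308)

def http_fetch(url, agent):
    """One GET without following redirects; returns (status, Location)."""
    p = urlsplit(url)
    cls = http.client.HTTPSConnection if p.scheme == "https" else http.client.HTTPConnection
    conn = cls(p.hostname, p.port, timeout=10)
    try:
        target = (p.path or "/") + ("?" + p.query if p.query else "")
        conn.request("GET", target, headers={"User-Agent": agent})
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()

def final_host(url, agent, fetch, max_hops=5):
    """Walk the redirect chain by hand and return the host where it ends."""
    for _ in range(max_hops):
        status, location = fetch(url, agent)
        if status not in REDIRECTS or not location:
            break
        url = urljoin(url, location)
    return (urlsplit(url).hostname or "").lower()

def same_site(host, displayed):
    return host == displayed or host.endswith("." + displayed)

def check_link(displayed_host, url, fetch=http_fetch):
    """Compare where each client type lands with the host shown on the post."""
    landed = {n: final_host(url, ua, fetch) for n, ua in PROBE_AGENTS.items()}
    return {
        "landed": landed,
        "cloaked": len(set(landed.values())) > 1,
        "mismatch": sorted(n for n, h in landed.items() if not same_site(h, displayed_host)),
    }

# Constructed stand-in for the server behaviour quoted above; no network used.
def simulated_fetch(url, agent):
    if urlsplit(url).hostname == "joinchannelnow.net":
        browser = agent.startswith("Mozilla/")
        return 302, "https://spam-channel.example/" if browser else "https://www.forbes.com/"
    return 200, None

if __name__ == "__main__":
    print(check_link("forbes.com", "https://joinchannelnow.net/", simulated_fetch))
```

A clean result only shows that the server did not vary its HTTP redirect on User-Agent for these two probes; redirects done in page content rather than in a `Location` header are not followed here.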

  • Blackmist@feddit.uk
    9 up, 1 down · 8 months ago

    Sounds like an issue with pretty much all URL shortening/redirection services on any service.

    Even if the link was legit when they posted it and always went to forbes (not that forbes is much more than blogspam these days), it might not be legit when you go to click on it.

    It’s all just 3rd party tracking bullshit anyway. The modern internet is horseshit.