this post was submitted on 19 Jun 2023
163 points (99.4% liked)

  1. I create a well-crafted post to a normal site that gets 10.000 upvotes.

  2. I change the URL to a malicious site.

  3. ??????

  4. Profit

[–] [email protected] 9 points 2 years ago (1 children)

It makes it a little bit easier to do, but it is not difficult to replicate this effect without changing the URL in the title - using a redirected URL and changing the redirect address, for example.

I think that this small increase in the way this kind of attack can be delivered is more than counter-balanced by the convenience of having editable titles.

[–] [email protected] 12 points 2 years ago (1 children)

Most subreddits also blocked redirect links for (partially) this reason.

[–] [email protected] 4 points 2 years ago* (last edited 2 years ago) (2 children)

You don't need to use a known redirect link. If the plan begins with a post that obtains 10,000 likes, I am sure the attacker can spend a small amount of effort and register a domain.

[–] deweydecibel 2 points 2 years ago (1 children)

Surely you don't think that's equivalent to a simple 5 second copy paste of a new URL into the textbox, right?

And it's not just about attack vectors, it's also about stealth ads and misinformation

[–] [email protected] 4 points 2 years ago

I'm not sure what you're getting at, but he's right, it's incredibly simple to set up a new redirect site.

[–] T156 1 points 2 years ago

However, that also takes money, and effort, which is a reasonable barrier to entry. That was possible on Reddit before, but that it didn't take would suggest that it was more effort compared to the standard repost bot and all of that.

Subreddits can also curb things by filtering out unknown sources/domains, or unreliable ones.

Editing an existing post is a bit less effort, by comparison.
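
The moderation checks this thread touches on (a link edited after a post has collected votes, a redirect whose destination is swapped later, and filtering unknown domains), as an added example that is not part of the original thread or of Lemmy's code. The snapshot schema, field names, threshold and sample hosts are constructed assumptions; `resolved_url` is assumed to come from a periodic re-fetch of the link that follows redirects.

```python
from dataclasses import dataclass
from urllib.parse import urlsplit

@dataclass
class Snapshot:
    """One observation of a post's link (hypothetical schema, not Lemmy's API)."""
    score: int          # votes at the time of the observation
    url: str            # link as stored on the post
    resolved_url: str   # final URL after following redirects at that time

def host(url: str) -> str:
    # Lower-cased hostname without a leading "www."; empty if unparsable.
    h = (urlsplit(url).hostname or "").lower()
    return h[4:] if h.startswith("www.") else h

def review(snapshots, allowed_hosts, score_threshold=100):
    """Return (snapshot index, reason) findings for one post's history."""
    findings = []
    for i, cur in enumerate(snapshots):
        if i > 0 and cur.score >= score_threshold:
            prev = snapshots[i - 1]
            if host(cur.url) != host(prev.url):
                # The stored link itself was edited to another site.
                findings.append((i, "link host edited after votes"))
            elif host(cur.resolved_url) != host(prev.resolved_url):
                # Same stored link, but the redirect now lands elsewhere.
                findings.append((i, "redirect target changed after votes"))
        if host(cur.resolved_url) not in allowed_hosts:
            findings.append((i, "destination not on allowlist"))
    return findings

# Constructed sample data using reserved example domains.
ALLOWED = {"news.example.org"}
STORY = "https://news.example.org/story"
PROMO = "https://promo.example.net/win"
SAMPLE_EDITED = [
    Snapshot(12, STORY, STORY),
    Snapshot(10000, STORY, STORY),
    Snapshot(10050, PROMO, PROMO),       # URL field edited after the votes
]
SAMPLE_REDIRECT = [
    Snapshot(15, "https://go.example.com/abc", STORY),
    Snapshot(9000, "https://go.example.com/abc", PROMO),  # redirect swapped
]

if __name__ == "__main__":
    for name, hist in (("edited", SAMPLE_EDITED), ("redirect", SAMPLE_REDIRECT)):
        print(name, review(hist, ALLOWED))
```

Comparing the resolved destination as well as the stored link is what catches the redirect case, since the post's URL field never changes there.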