-
Notifications
You must be signed in to change notification settings - Fork 5.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Security] Handle fake links in messages #28755
Comments
That's already handled since a long time. tdesktop shows the URL in a dialog if you have a link with custom text. |
I’m not sure that’s enough. If it’s shown for any link with custom text, many users are probably used to clicking “Open” without looking. A link that pretends to be a different link is a cause for concern. A warning may even be a better solution here. More importantly, it doesn’t show the dialogue for inner Telegram links, including mini-app ones! |
I'm not sure how would that be different from the current dialog?
Would be much better if you provided concrete link example from the start. Maybe even a channel with a reproducing message. |
Is there no mechanism for a warning above the message itself? Like, a heading with red text and some exclamation mark icon or something... I feel like I’ve seen something remotely similar, maybe not for warnings. Or simply colour the link itself red and make it clear in the dialoge that something’s wrong, because the actual URL is not the same as the link text, instead of showing the regular message.
Sorry, I don’t have a channel, but you can just write |
Ok, can reproduce |
Is your feature request related to a problem?
Some scammers use links that look like
https://fragment.com/...
but actually lead to their mini-apps mimicking Fragment’s interface.https://medium.com/@p05h/sophisticated-telegram-based-scam-designed-to-fool-fragment-users-7d06334db111
Describe the solution you'd like
When a link’s text is a URL (and also not a parent of the real URL), display the real URL instead.
Describe alternatives you've considered
Alternatively, show some kind of warning on top of the message.
Additional context
No response
The text was updated successfully, but these errors were encountered: