[Security] Handle fake links in messages #28755

Open
natewind opened this issue Dec 12, 2024 · 5 comments

Comments

@natewind

natewind commented Dec 12, 2024

Is your feature request related to a problem?

Some scammers use links that look like https://fragment.com/... but actually lead to their mini-apps mimicking Fragment’s interface.

https://medium.com/@p05h/sophisticated-telegram-based-scam-designed-to-fool-fragment-users-7d06334db111

Describe the solution you'd like

When a link’s text is a URL (and also not a parent of the real URL), display the real URL instead.

Describe alternatives you've considered

Alternatively, show some kind of warning on top of the message.

Additional context

No response

@natewind natewind changed the title Handle fake links in messages [Security] Handle fake links in messages Dec 16, 2024
@ilya-fedin
Contributor

ilya-fedin commented Dec 24, 2024

That has already been handled for a long time. tdesktop shows the URL in a dialog if you have a link with custom text.

@natewind
Author

I’m not sure that’s enough. If it’s shown for any link with custom text, many users are probably used to clicking “Open” without looking. A link that pretends to be a different link is a cause for concern. A warning may even be a better solution here.

More importantly, it doesn’t show the dialogue for inner Telegram links, including mini-app ones!

@ilya-fedin
Contributor

> A warning may even be a better solution here.

I'm not sure how that would be different from the current dialog?

> More importantly, it doesn’t show the dialogue for inner Telegram links, including mini-app ones!

Would be much better if you provided a concrete link example from the start. Maybe even a channel with a reproducing message.

@natewind
Author

> I'm not sure how that would be different from the current dialog?

Is there no mechanism for a warning above the message itself? Like, a heading with red text and some exclamation mark icon or something... I feel like I’ve seen something remotely similar, maybe not for warnings.

Or simply colour the link itself red and make it clear in the dialogue that something’s wrong, because the actual URL is not the same as the link text, instead of showing the regular message.

> Would be much better if you provided a concrete link example from the start. Maybe even a channel with a reproducing message.

Sorry, I don’t have a channel, but you can just write https://github.com in a Telegram message and change the actual URL to e.g. https://t.me/major?startapp

@ilya-fedin
Contributor

ilya-fedin commented Dec 25, 2024

> Sorry, I don’t have a channel, but you can just write https://github.com in a Telegram message and change the actual URL to e.g. https://t.me/major?startapp

Ok, can reproduce

@Aokromes Aokromes reopened this Dec 26, 2024
@Aokromes Aokromes removed the invalid label Dec 26, 2024
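
The check proposed in the opening post ("link text is a URL and not a parent of the real URL"), applied to the reproduction case from the thread, as an added example that is not tdesktop code and not written by any participant. The function names are hypothetical, hosts are compared by exact match (an assumption), and the sample pairs other than the one quoted in the thread are constructed.

```python
from urllib.parse import urlsplit

def parse_web_url(text):
    """Return (host, path) if text looks like an http(s) URL, else None."""
    s = text.strip()
    if not s or any(c.isspace() for c in s):
        return None                      # ordinary custom text such as "click here"
    if "://" not in s:
        s = "https://" + s               # bare label such as "fragment.com/x"
    try:
        parts = urlsplit(s)
        host = (parts.hostname or "").lower().rstrip(".")
    except ValueError:
        return None
    if parts.scheme not in ("http", "https") or "." not in host:
        return None
    return host, parts.path.rstrip("/")

def is_fake_link(label, href):
    """True when the label is itself a URL that does not lead toward href."""
    shown = parse_web_url(label)
    if shown is None:
        return False                     # label is not a URL; nothing to impersonate
    real = parse_web_url(href)
    if real is None or shown[0] != real[0]:
        return True                      # other scheme (e.g. tg://) or other host
    # "Parent" rule from the issue: the label may be a path prefix of the real URL.
    return not (real[1] == shown[1] or real[1].startswith(shown[1] + "/"))

def text_to_display(label, href):
    """Proposed behaviour: show the real URL in place of a fake one."""
    return href if is_fake_link(label, href) else label

if __name__ == "__main__":
    samples = [  # (link text, actual URL); first pair is from the thread
        ("https://github.com", "https://t.me/major?startapp"),
        ("https://fragment.com", "https://fragment.com/some/path"),  # constructed
        ("fragment.com/abc", "https://fragment.com/abcd"),           # constructed
        ("click here", "https://t.me/major?startapp"),               # constructed
    ]
    for label, href in samples:
        print(f"{label!r} -> shown as {text_to_display(label, href)!r}")
```

Because the comparison runs on the link entity itself rather than on whether a confirmation dialog is shown, it applies equally to `t.me` targets, which is the gap reproduced above.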