site banner
naraburns  nihil supernum  1yr ago (text post)   3604 thread views

Small-Scale Question Sunday for October 30, 2022

Do you have a dumb question that you're kind of embarrassed to ask in the main thread? Is there something you're just not sure about?

This is your opportunity to ask questions. No question too simple or too silly.

Culture war topics are accepted, and proposals for a better intro post are appreciated.

4
Top Bottom Old Controversial Comments
Jump in the discussion.

No email address required.

Hoping early Monday isn't too late for a small-scale question, so here goes:

In the wake of a friend falling victim to a phishing scam in which they were convinced to send a screenshot of a link to a password reset page (indeed, head-slappingly bad), I'm currently being dragged in real life for my hot take, two-part opinion that

  1. This scam was facilitated by the common advice that you should NEVER follow links because they could be from a hacker and then you will get hacked! and

  2. This advice isn't actually very good, in the sense that nothing bad can really happen to you just from following some random link.

As a web developer I know something about how the web works, but obviously I don't know everything, so I'm curious if someone else can come up with a really bad outcome achievable just by clicking on a link. Could you, say, send an API request to a bank from within your webpage, and then read the response and cookies from the host page? I'm thinking this would be blocked by both browser and site technology. This has to be what CORS is for, right? Not just to annoy me while I'm developing?

Anyway, like I said, suggestions welcome.

Not a real programmer but... Aren't your question parameters too wide? If someone has a perfect (presumably zero day) exploit then the link question is just how much can come over bandwidth before user wizens up, and with a modern connection, that's a lot. Granted the only huge hacking op involving zero day exploits I've ever read about was Stuxnet, and that was USB shenanigans not anything protected by https or modern browsers but still.

Aren't your question parameters too wide? If someone has a perfect (presumably zero day) exploit

I suppose so. If somehow Chrome granted a page access to the entire filesystem, obviously that would be very bad. But you're probably protected against such an exploit because come on, are you really going to be the first person they target with this attack? Although I retract this skepticism if you are actually a billionaire.

So okay, are they any known ways that a site could extract important private information about a user just by visiting a site (and, let's say, scrolling)?

If somehow Chrome granted a page access to the entire filesystem, obviously that would be very bad.

Spoof it as just another accept/reject cookies. Tech illiterate can't tell.

Gotta admit I'm not about to read all that API documentation for window.showOpenFilePicker() but it looks like the user has to have a lot more specific interaction, i.e. choosing files on local disk, in order for the site to have access. So you wouldn't be able to get access just using some generic popup.

What is this place?

This website is a place for people who want to move past shady thinking and test their ideas in a court of people who don't all share the same biases. Our goal is to optimize for light, not heat; this is a group effort, and all commentators are asked to do their part.

The weekly Culture War threads host the most controversial topics and are the most visible aspect of The Motte. However, many other topics are appropriate here. We encourage people to post anything related to science, politics, or philosophy; if in doubt, post!

Check out The Vault for an archive of old quality posts. You are encouraged to crosspost these elsewhere.


Why are you called The Motte?

A motte is a stone keep on a raised earthwork common in early medieval fortifications. More pertinently, it's an element in a rhetorical move called a "Motte-and-Bailey", originally identified by philosopher Nicholas Shackel. It describes the tendency in discourse for people to move from a controversial but high value claim to a defensible but less exciting one upon any resistance to the former. He likens this to the medieval fortification, where a desirable land (the bailey) is abandoned when in danger for the more easily defended motte. In Shackel's words, "The Motte represents the defensible but undesired propositions to which one retreats when hard pressed."

On The Motte, always attempt to remain inside your defensible territory, even if you are not being pressed.


New post guidelines

If you're posting something that isn't related to the culture war, we encourage you to post a thread for it. A submission statement is highly appreciated, but isn't necessary for text posts or links to largely-text posts such as blogs or news articles; if we're unsure of the value of your post, we might remove it until you add a submission statement. A submission statement is required for non-text sources (videos, podcasts, images).

Culture war posts go in the culture war thread; all links must either include a submission statement or significant commentary. Bare links without those will be removed.

If in doubt, please post it!


Rules


Recommended Posts And Communities

Recommended Realtime Chats