When someone posts a link on X, the site generates a link preview. But reportedly, this system can be tricked, and bad actors can redirect you to malicious sites from a falsely advertised link preview.

As noted by security researcher Will Dormann, some posts on X purport to lead to a legitimate website, but actually redirect somewhere else. In Dormann’s example, an advertisement posted by a verified X user claims to lead to forbes.com. When Dormann clicks the link, however, it takes him to a different link to open a Telegram channel that is, “helping individuals earn maximum profit in the crypto market,” he said. In short, the “Forbes” link leads to crypto spam

    • @AtmaJnana@lemmy.worldEnglish
      133 months ago

      I have Nitter Redirect installed, but Nitter stopped working. So it just blackholes all X links. Some day I’ll add them to my pihole, I guess.

    • oce 🐆English
      83 months ago

      PrivacyBadger blocks embedded tweets, so since you’re probably not going to visit the website itself, it should do the trick.

      • @Agrivar@lemmy.worldEnglish
        63 months ago

        Plus, it has the added benefit of drawing attention to how many “articles” on other sites are just a long string of embedded tweets.

    • @4am@lemm.eeEnglish
      83 months ago

      PiHole can block any domain you want. AdGuardHome has a handy switch in the UI that does it for you.