undefined | Better HN

0 pointsindec14y ago0 comments

Well, generally following the redirects is actually somewhat redundant. The idea of GSB is that URLs that lead to bad things would all be identified and added to the database.

Customising attacks for a given site specifically adds complexity and cost to the attack, which is really the aim for all of this sort of work. Everything you can do to drive up the cost of the attack makes you a less inviting target.

It would be a mistake to think that usb4ugc (or tools like it) would protect everyone all the time. It's never a replacement for vigilance and education on the user-side, just a useful extra line of defense.

0 comments

1 comments · 1 top-level

underwater14y ago

It's not really redundant. Legitimate users use redirectors like bit.ly all the time, so you can't blacklist them. If you're leaving such a big hole in your system then spammers will work around it in next to no time.

Etsy are big enough that it is worth the spammers time to do so. Once you get reach a certain size you can't just say "the user should be careful". Scammers and spammers will hammer at you because they know the numbers make it worth the effort. Users won't understand what's happening; they will have a bad experience and they will blame your product.

j / k navigate · click thread line to collapse