As a stop-gap measure, I would say that a URL splitter would be better than a tinyurl conversion if there's a real chance that the redirect could be hacked/intercepted. Alternatively, have the URLBot link to the preview-able version of tinyurl (as I've mentioned in one of my posts above).
So you are against practicing safe internet? Remind me never to try a link or file from you.
I can't believe how much social networking and microblogging has made supposedly intelligent people so accepting of such high-risk practices as letting uncontrolled third parties get in the middle of http requests. It's simply staggering.
A perfect example of why we will never get rid of spam and phishing, so many people simply choose to ignore obvious safety practices.
I think you may find that he likes it, as he can misuse it as was evidenced earlier in chat
There are many things that are security risks on the Internet. Urlbot isn't one of them. Tinyurl is a well-known url shortener. It takes the original url and hashes it to a short url with a consistent algorithm. The same url always results in the same tinyurl, and no two urls will have the same tinyurl. If the original url is safe, then the tinyurl will also be safe. Assuming that the tinyurl site isn't hacked, which I think is a pretty safe assumption since it has been around for years and is widely used, the tinyurl is just as safe as the original url.
If you have a properly patched and up-to-date web browser, the assumption of the web is that html and javascript cannot infect your machine (zero day browser exploits being the exception). Even pdf files and flash are generally assumed to be safe, although Adobe has frequently proven that this assumption is wrong. If you download a file, or run a program, all bets are off, but the web browsers always require an additional step before you can perform those task.
The urls that are posted could lead to content that may be unsuitable to children, or spam, or other unsavory sites, but the original url will lead to exactly the same content. Since we have a core of players from around the globe who are watching chat virtually at all times, the content posted in chat is watched for improper content. The main problem we have is swearing and annoying teenagers who have not learned the conventions for chat. Spam, commercial posts, and other bad links have not been a problem.
Urlbot provides a service, as does gringer's bot. Any new bots should be evaluated on a case by case basis, but I see no reason to make any change to either the policy of allowing bots or these bots in particular.
I completely disagree that 'urlbot' is not a security risk. 'urlbot' is distributing those third party links. There is a long history of URL shortener services being hacked, and of unsavory practices by the services themselves attempting various revenue generating schemes. To say that it's safe simply because urlbot is using one of the older or more well-known services is ridiculous. If anything, tinyurl.com is probably more of a target for being hacked than the smaller less-known URL shortener services. If they get hacked there will be tens of millions of compromised URL redirection links, making them a prime target.
Adding that third party in the middle between the user and the destination URL is very much asking for trouble.
Just wishing that's it's safe isn't going to make it so.
I realize that because this is an AD group invention, it's considered sacred, but that shouldn't bve allowed to compromise security.
Change it one more time….
Brick, it is just because you are not using chat at all. Well maybe you sometimes throw few words how evil we are, but not much constructive things.
IRC related issues are NOT a top priority for Foldit devs. Much more things are still to do in game client. If you not like gringer or urlbot just use /ignore function and live happy ever after.
It is a high priority security risk. Just about as important as if the fold.it site itself was hacked.
RU kidding? Tlaloc is dev, if he change priority you can not just switch it back.
Anyway, it is 1st post i see that have so negative (-9 atm) points from feedback users.
FYI all next non-dev priority changes will be deleted.
Apparently devs have a foldit icon next to their name ( source Beta-helix), tlaloc does not have a ribbon next to his name….:)