I am not aware of "documentation" as such (in the sense I understand documentation in English) or a *definitive* source. This is something I have picked up from various articles, blogs and podcasts over time...
It makes sense though, right.... To some degree a URL under a descriptive domain give an indication as to what I expect to load. I am sure you can argue that, but in general zoom.com/1234 (or meet.mixp or whatever) is familiar and has some degree of trust already. Usually a subdomain matching the sender or a well know brand helps. There are also checks that could be done on the domain prior to clicking through, should I choose to do so, if its not known/familiar. However, http:// alturl (dot) com/ 2r5u3 could literally forward to *anywhere*. I have no way to know. Clicking that is therefore dangerous. In any case, while I did not have a specific reference in mind, as to me this is a known thing in infosec, a quick google search turns up many hits. https://www.helpnetsecurity.com/2018/05/23/url-shortener-cryptojacking https://thenextweb.com/news/using-url-shorteners-expose-privacy-invasions-malware-attacks https://cofense.com/url-shorteners-fraudsters-friend/ https://safecomputing.umich.edu/be-aware/phishing-and-suspicious-email/shortened-url-security https://blog.malwarebytes.com/threat-analysis/2016/01/when-url-shorteners-and-ransomware-collide/ Thats just from the first page of the first google search I tried. Of course, while shortened URLs are in general dangerous to most non-tech Internet users, they can be checked if you have a terminal with curl handy: ``` ❯ curl -o /dev/null -s -v http://alturl.com/2r5u3 2>&1 |grep 'Location:' < Location: https://gouv-bj.zoom.us/meeting/register/tJIqfuyppzwrGNWB6OD779-Thqu0ej0iJJEW ``` The result is really not that long that it would have been an issue to paste into an email as is.... so why shorten it and obscure it? On Tue, 11 May 2021 at 21:34, Ish Sookun <[email protected]> wrote: > > > Grateful if you can point me to the documentation on this. > > Regards, > > Ish Sookun _______________________________________________ Community-Discuss mailing list [email protected] https://lists.afrinic.net/mailman/listinfo/community-discuss
