Vincent Vande Vyvre <vincent.vande.vy...@telenet.be> writes:

>    To verify, visit your Account Settings
>    <https://pypi.us18.list-manage.com/track/click?u=[… personally-identifying 
> information …]>
>    page.
>
> -------------------------------------
>
> The Account Settings
> <https://pypi.us18.list-manage.com/track/click?u=[… personally-identifying 
> information …]>
> is :
> https://pypi.us18.list-manage.com/track/click?u=[… personally-identifying 
> information …]
>
> Phishing ? yes, no ?

It's impossible to tell, from those links alone. The links are
obfuscated deliberately.

What we can say for certain is that following those links allows
parties unknown to track the fact you've followed that link, before you
ever get to PyPI.

You are right to be concerned.

This is one good reason why I argue that link obfuscation like this is
bad practice: we can't tell what domain they will redirect to, so
there's no way to know before visiting the link whether it will go to a
‘python.org’ URL.

Instead, sending people links that you want them to follow should be
direct links. That way we can see where it is the person wants us to
visit.

As a bonus, we avoid more layers of surveillance that these
man-in-the-middle providers like ‘list-manage.com’ try to gather about
our online behaviour.

-- 
 \              “Programs must be written for people to read, and only |
  `\        incidentally for machines to execute.” —Abelson & Sussman, |
_o__)              _Structure and Interpretation of Computer Programs_ |
Ben Finney

-- 
https://mail.python.org/mailman/listinfo/python-list
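The check described in the message above, written out as an added example (not code from the thread, from PyPI or from the list): it sorts each link in a message into "direct" (the link's own host is a domain the reader expects) or "opaque" (the destination cannot be known from the link itself). The `EXPECTED_DOMAINS` list, the function names and the sample message are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: the domains a reader would expect a genuine PyPI notice to use.
EXPECTED_DOMAINS = ("pypi.org", "python.org")

URL_RE = re.compile(r"https?://[^\s<>\"']+")


def classify_link(url, expected=EXPECTED_DOMAINS):
    """Return (host, verdict). 'direct' means the link itself names an
    expected domain over https; anything else is 'opaque'."""
    try:
        parts = urlsplit(url)
        # .hostname drops any user:pass@ prefix and the port, and lowercases.
        host = (parts.hostname or "").rstrip(".")
    except ValueError:  # malformed URL: treat as unverifiable
        return "", "opaque"
    ok = parts.scheme == "https" and any(
        host == d or host.endswith("." + d) for d in expected
    )
    return host, "direct" if ok else "opaque"


def audit_message(body, expected=EXPECTED_DOMAINS):
    """Map every link host found in a message body to its verdict.
    A host stays 'opaque' if any one of its links is opaque."""
    report = {}
    for url in URL_RE.findall(body):
        host, verdict = classify_link(url, expected)
        if report.get(host) != "opaque":
            report[host] = verdict
    return report


# Constructed sample message; the tracking parameter is a placeholder.
SAMPLE = """\
> To verify, visit your Account Settings
> <https://pypi.us18.list-manage.com/track/click?u=PLACEHOLDER>
> page.
Direct form: https://pypi.org/manage/account/
Lookalike host: https://pypi.org.example.net/manage/account/
Userinfo prefix: https://pypi.org@example.net/login
"""

if __name__ == "__main__":
    for host, verdict in audit_message(SAMPLE).items():
        print(f"{verdict:7} {host}")
```

An "opaque" verdict does not mean the link is malicious, only that the message gives the reader no way to confirm the destination before clicking.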
