WingNews logo WingNews
top | item 47004689

Instagram's URL Blackhole

311 points| tkp-415 | 18 days ago |medium.com

48 comments

order

written-beyond|16 days ago

I want to thank you dear poster and author, I feel genuinely refreshed reading a short interesting post sans status quo topic.

Waiting for the next part!

0______0|16 days ago

Right? It's so short and...just ends. Been too fatigued reading essays on just about everything. I loved this one.

ghxst|16 days ago

The use of "storage.googleapis.com" is probably because it's an "authority" domain that apps can't easily ban without side effects. Buckets can typically be used as a static site host where u can host a client side redirect, depending on how you set it up you can make it almost impossible for an app to ban a campaign in real time.

notpushkin|16 days ago

This has some good uses, by the way! VPNs and news websites that are blocked in Russia use it to either mirror content or redirect to the newest version.

samename|16 days ago

Ironic the Apple App store allows a "phone antivirus" to exist.

xp84|16 days ago

Almost unbelievable that they allow this - except of course they do, because scamware makes a ton of money via in-app purchase, and Apple gets 30%, so of course they do. I'm sure people will come out of the woodwork now to white knight for Apple and spin this somehow. But anything that offends their business model can be removed in minutes, while software that by its title violates the App Store rules is just here indefinitely.

ronsor|16 days ago

Funnily enough that's given as an example of a prohibited type of app in their review guidelines.

krackers|16 days ago

But it's rated 4.4 stars! I'm guessing it hoovers your contacts and tries to get you to sign up for the IAP subscription.

halapro|16 days ago

Curated App Store, they said. Might have been true in 2010

wongmjane|16 days ago

> CYBERSECURITY_PHISHING_FOA (likely Foreign Origin Actor)

That’s probably “Family of Apps” instead, referring to the family of apps that Meta owns (e.g. IG, FB, WhatsApp, etc)

hdjY28|16 days ago

FOA means “family of apps”. Source: Meta’s quarterly earning reports

neya|16 days ago

How does Apple allow this? Here I thought the App Store was supposedly superior to the Android eco-system and that's why Apple justified the insane 30% tax on developers back then

conception|16 days ago

Google Play was also 30%?

amne|16 days ago

At this point it must be intentional that there's always something uncanny about these fake pages. That google logo is so old that if I see it I immediately know to get out of there.

So I find it fascinating how there's always the odd typo, the old logo, the impossible combination of iPhone needing an antivirus, etc and I refuse to believe is incompetence.

flomo|16 days ago

Entirely intentional because they want to filter out anyone who can see how scammy it looks, so they don't waste their time. This is bulk spam stuff. If they are actually targeting you, it will look very real.

efilife|16 days ago

I found an e-mail spam service that said they needed to have typos on their website because it was better indexed for their target audience this way?

Weird

ckwalsh|16 days ago

Blackhole is the name of one of the services used in display-time malicious content filtering.

I’m guessing the urls in that db were either generating a ton of backend load, so they were pushed to devices, or perhaps are customized on a per user basis for some reason

est|16 days ago

It's fun and all, is there a way to safely host .html but does not allow rendering it?

CORS? sec-fetch-dest, sec-fetch-mode and sec-fetch-site ?

If storage.googleapis.com weren't operated by Google, the domain would be blocked by Google's "Safe Browsing" long time ago.

gruez|16 days ago

Serve it with content-type set to text/plain and browsers won't try to render it. You can try a random html file on github. If you click raw it'll get rendered as text.

kccqzy|16 days ago

> If storage.googleapis.com weren't operated by Google, the domain would be blocked by Google's "Safe Browsing" long time ago.

Not true. You just need to make it an eTLD by adding it to the public suffix list. Only subdomains of domains on the PSL can be marked by Google’s Safe Browsing.

selridge|16 days ago

Ironic seeing this as a medium post.

mmsc|16 days ago

Instagram blocks me from sending Facebook.com in DMs to people. No idea why and support doesn't help.

paulpauper|16 days ago

lol "your iphone is severely damaged by viruses"

Facebook was known to aggressively filter URLs too if posted too often.

alex1138|16 days ago

I thought this was going to be about how links have become harder and harder to follow on Insta. The login walls got progressively stronger (it feels like) and now it's just hard blocked

Sorry, Zuck. Not signing up for Insta, though you probably made a shadow profile of me

regenschutz|16 days ago

I tried visiting that link on my device, and after many redirects and uBO warning screens, I ended up on an AI content farm in my native language, Swedish.

hypertexthero|16 days ago

This brings to mind this question:

Should HN allow links to sites that break the back button, like all Meta sites (Ig, Fb, etc)?

j1elo|16 days ago

With default uBlock Origin filters on mobile Firefox, all Medium blogs show up as a blank page. Which in this day and age is akin to saying that the page is utterly broken.

numpad0|16 days ago

... why is the hxxps:// URL in the article linkified? It's a URL scheme created to explicitly mark URL as unsafe.

throwaway290|16 days ago

...and that shady "AI cleaner" is STILL on App Store? with 4.4 rating?

should App Store platform fees fund getting this stuff banned?