Most of us are Reddit refugees, and probably clicking more random links than we ever did before on websites we’ve never seen before. This whole experience feels like the old internet, but also throws up insane red flags with a modern internet perspective. What are the cybersecurity weaknesses we should all be looking for, and what are the best practices?

Here’s my reason for posting this. As I search for new communities across instances to follow, I sometimes end up clicking a link and I’m no longer logged in. In the corner, that could be a Sign In link or it could be phishing. It’s likely due to me not understanding how to properly navigate this system, but there’s nothing stopping someone from setting up a sight like this as far as I know.

Thoughts?

  • KoboldCoterie@pawb.social
    link
    fedilink
    English
    arrow-up
    0
    ·
    1 year ago

    If you’re navigating to another community on their instance, you won’t be logged in. When you’re seeing that, check the URL. If you’re on lemmy.ml, you’re still on your instance; if not, you’ve navigated to that instance.

    There’s multiple ways to structure links, some of which will take you to that community via your instance, some not.

    Could it be phishing? Sure. But far more likely, you’re just on another instance where you don’t have an account (or at least an active login).

    • Artemis@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      0
      ·
      1 year ago

      Do you mind giving a short explainer of proper link formatting? I was struggling with this just a little bit ago

      • KoboldCoterie@pawb.social
        link
        fedilink
        English
        arrow-up
        1
        ·
        edit-2
        1 year ago

        If you link directly to the full URL (including the instance), you’ll take anyone who clicks it to that instance, and they won’t be logged in. This is usually not what you want. Example: https://pawb.social/c/tech - This link will take you to my instance.

        If you remove the instance URL, and just leave /c/communityname@instance - for example, /c/tech@pawb.social - the link will still take you to the community, but you’ll still be on your instance. This is usually desirable.

        Basically, instance -> community = link to that instance. Community -> instance = link to the community in whatever instance the user clicks it in.

        You can also use ! instead of /c/ - I think this might work better for Kbin users (since they use /m/ instead of /c/ - can’t verify this). In that case, it’d be: !tech@pawb.social

        • Azzu@lemm.ee
          link
          fedilink
          English
          arrow-up
          0
          ·
          edit-2
          1 year ago

          I won’t get tired of posting this everywhere it applies :D

          I made this userscript, which rewrites all links everywhere (not only on Lemmy) to always point to your home instance. So the link in your comment actually looks like this to me:

          i.e. even though you tried to link to your instance, my script rewrote your link back to my instance so it’s working fine :D

          But of course I can still hover over the icon to see how your link originally looked:

          • Staden_ スタデン@pawb.social
            link
            fedilink
            English
            arrow-up
            1
            ·
            1 year ago

            Would be nice if third party apps implemented that functionality.

            Or if there were bots that automatically identify those external links and reply to them with a link to the community/post in other popular instances.

  • Ziggurat@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    0
    ·
    1 year ago

    A big one I see that if you join any instance it’s someone else computer. Not different from Meta/Reddit. But the probability that among all the instance there is one imposter who wants to steal your credential is non zero.
    As usual don’t use the same password everywhere

    • stevedidWHAT@lemmy.world
      link
      fedilink
      English
      arrow-up
      0
      ·
      1 year ago

      I don’t understand what the point of making more than one account really is if we can view and post to or from any community or instance

      • Cethin@lemmy.zip
        link
        fedilink
        English
        arrow-up
        0
        arrow-down
        3
        ·
        1 year ago

        They don’t mean don’t use the same password for other accounts on Lemmy, they mean don’t use the same password for other accounts period. Use a password manager or something, and generate a new password for each account. If you use the same one across different services, if one gets hacked they have access to all of them that used the same credentials.