95 comments

[ 2.7 ms ] story [ 27.6 ms ] thread
This is magnificent.
I got an ad :-)
My ISP warned me "you could be getting scammed"

I never knew my ISP was filtering and checking my links

Wow, utterly shocking.

You won't believe what this article describes.

Bitcoin millionaire reveals his 1 strange trick in this link.

This article helped me lose 30 lbs using this 1 weird food.

I got a BT warning that I was being scammed. So glad I clicked "proceed anyway" =')
This seems like a great way to make people less suspicious of genuinely sketchy URLs...
Isn’t that kind of the point?

I can’t imagine anyone actually using this, but it’s good fun.

the one dangerous thing in an Url is the host (precisely: the IP).

Either trust it or don't. What it actually says doesn't mean a thing.

the scheme can be pretty dangerous, especially if it starts with javascipt: - it will run in the current origin.
(comment deleted)
Past related threads:

ShadyURL - https://news.ycombinator.com/item?id=24579931 - Sept 2020 (5 comments)

Don't just shorten your URL, make it suspicious and frightening (2010) - https://news.ycombinator.com/item?id=16791029 - April 2018 (68 comments)

ShadyURL - https://news.ycombinator.com/item?id=11572679 - April 2016 (2 comments)

Shady URL: Don't just shorten your URL, make it suspicious and frightening. - https://news.ycombinator.com/item?id=1134868 - Feb 2010 (21 comments)

Fixed them for you:

    1. http://www.5z8.info/freeporn_m9o0wv_nic_cage_naked
    2. http://www.5z8.info/manhunter_n7f2qq_double-your-wang
    3. http://www.5z8.info/bombbuilding_x7j5jc_boobs
    4. http://www.5z8.info/winamp-cracked.exe_o5m1zq_-49exploit-begin--
Yikes, that really does create a visceral response.
Honestly the .info is the most frightening.
I dunno, ds.gd or whatever Discord uses takes the cake for me so far.
.gg? Stands for "good game". Haven't seen it get much use.
ddg.gg is duckduckgo.com. I use this all the time.
duck.com is cooler imo
They should use it as their main domain
Why is that the most frightening part? (Genuinely curious) I tried to look up the original intent of the .info domain and found the following on Wikipedia: "Info is the only top-level domain that was explicitly created and chartered for unrestricted use, although various other TLDs resulted in this situation de facto." [0]

[0] https://en.wikipedia.org/wiki/.info

Almost every time I've seen uBlock Origin block a whole page from loading, and requires adding an exception to browse to it, it's a *.info domain.
Not sure this is still the case, but for years newly-registered .info domains were deeply discounted, i.e. $0.99 or $1.99 for the first year. This made them very attractive for cybercriminals who wanted throwaway domains that weren't needed for more than a year, since they'd be added to spam/malware blacklists within days.

The result was that .info gained a very bad reputation. Since it was so popular among bad actors, but never became very popular for legit sites, for many users the vast majority of times they saw a .info domain it was something nasty.

Exactly - .info and .biz are forever etched in my mind as nothing but scams and spams. I know it has spread beyond that but the original usage was highly tilted toward those.
FWIW, .biz always has seemed unprofessional-sounding to me. Why that was ever created with the intent of being a legitimate domain is beyond me. It cast a shadow over the whole process of creating those new domains at that time, almost as if ICANN was in on all the shadyness from the beginning. It was as if the WHO or UN started adopting warez terminology — you'd start questioning whether they were what you thought they were.
(comment deleted)
Kinda wanting this option for all URLs, be a massive time saver
These look mostly NSFW, except for the WinAmp one. To me really scary would be something along www.bankofamerica.5z8.info/bank-login

Specially if my name, email or username is part of the url...

To be fair, it's part of quite a few URLs, just usually called "fbclid" or "ref" or "utm_*" or encoded in a cookie.
I don't understand how this shortens a URL, most URLs are still pretty long.
It shortens the upper bound on URL length, so for computer scientists, it shortens it.
would we really need URL shortening if people didn't play SEO games by making URLs a complete sentence?
I think you would still end up with "Just put the article title as the URL" out of laziness a bunch too. Or because someone with decision making power doesn't like URLS that seem random.
I'm told urls with IDs and query strings look "unprofessional" in today's web.
Yes, because urls are part of UX and should be as readable and meaningful as possible. It is not just about SEO.
What if my resource is indexed by GUID and I want to build a REST API?
That wouldn't force you to use query strings.

I agree it's not always a mistake for a URL to contain an ID value of some sort. How else would online shops assign a URL to each product they offer?

For REST APIs standard would be /resources?query=something&offset=50&limit=50 etc for list of resources. And single resource. /resources/:resourceId, so a bit different for APIs as opposed to user facing urls.

While for a single resource when user facing it would be /resource/human-readable-resource-slug.

The trend in browsers is to not display the URL, so who cares what it looks like? Mobile hides the address bar as soon as possible to regain the real estate. A certain desktop browser also received a lot of flack about only displaying the domain name rather than the path/query.

Also, if these are the same UX rules that have brought us worthless cookie screens, I'm not sure I'd put stock in their opinions, but that just me joey not-a-frontend-guy-just-a-user beercan.

You're under the impression that cookie screens were intended as a UX improvement?
The requirement to notify and give an opt out option regarding cookies is intended as a privacy improvement.

Most cookie screens are deliberately designed as bad UX to make it very difficult to properly opt out and very easy to accidentally and permanently opt-in.

Also when visiting a new site, the last thing on my mind is the cookie popup.

Here the main goal is to get rid of it fast, which more often than not leads to accepting all cookies the site offers. And bad cookie UX ensures that.

I would actually prefer to never see a cookie popup and then deal with privacy another way, if that was an option.

There is a Firefox plugin for that. Not on the computer will look up the name later.
> Here the main goal is to get rid of it fast, which more often than not leads to accepting all cookies the site offers.

My fast route out is to close the tab. Same for auto-playing audio, distracting animations/video, and other irritations.

So far I don't think I've missed out on anything of significance that way. There are some sites that are useful enough for me to have spent time clicking tens of things, beyond that it turns out that I can live quite happily without the others.

> Most cookie screens are deliberately designed as bad UX to make it very difficult to properly opt out and very easy to accidentally and permanently opt-in.

This is true, but if I recall correctly it's plainly against the law for them to do this. Websites continue to do it because they're fully aware that enforcement is laughable.

> but if I recall correctly it's plainly against the law for them to do this.

Yes, though technically no. IIRC it is against the letter of the law to make it harder to opt out than to opt in. So this behaviour would be fine if it was at least as painful to opt in.

> Websites continue to do it because they're fully aware that enforcement is laughable.

Pretty much.

Well, as someone who has cared about what urls look like[1] since the 90’s, I will rejoice the day I see the last cookie dialog (unless it also is my final day).

[1] It’s a way of communicating with the user. And yes, I often edit the address bar on my phone.

Yes, often if you share resources, the urls are quite long, and pasted into a messaging client, the result looks annoying. For this reason, an internal url shortener is included in several products, like Onlyoffice.
Wait, what?
It's trivial with delay>0 enabled in your HN profile. (Delay makes your comment not appear publicly for N minutes)

Post comment, get link, "shorten" url, edit comment, boom:

http://www.5z8.info/dogfights_i2z2so_specter-exec

I figured it had something to do with editing, but didn’t know about the “delay” option. So when @samschooler commented, HN Replies[0] contained a link to itself, and that threw me off.

Reminds me of the videos on YouTube that contain their own ID in the content, except you can’t replace your video post upload (unless you’re a major record label…)

[0]: http://www.hnreplies.com/

Comments have incrementing IDs so without using the delay option you could look at https://news.ycombinator.com/newcomments and try to guess what your comment ID will be before posting, but now you're in a race to be the next comment.
(comment deleted)
Validation is rejecting my .solutions tld domain
X-Powered-By: PHP/5.5.9-1ubuntu4.11

yikes!

It’s a nice touch for sure. Someone’s got an eye for detail :-)
I started trying it out but when the captcha presented me a fourth picture to click on, I gave up.
lol, I have a subdomain 'darknet' – that alone scares a lot.
I purchased https://m8.fyi. The intention was to create very short urls to put on GIFs/videos, making it easy for people to visit the source (e.g. https://m8.fyi/mon), especially on mobile.

Most avoid it or don't realise it's a URL!