this post was submitted on 14 Aug 2023
14 points (100.0% liked)

/kbin meta

 
top 17 comments
[–] mihnt@kbin.social 2 points 1 year ago

Running Linux Mint, Flatpak Firefox.

I can see it connecting to that same domain, but I am not getting prompted nor is it downloading anything.

[–] Pamasich@kbin.social 2 points 1 year ago (1 children)

I don't know why your browser treats this as a download, seems to be incredibly insecure.

If I didn't know others already confirmed it to be a video, I'd assume this was a scam website, distributing a virus disguised as a video. The actual url is encrypted so you can't tell what it actually points to, while the file extension is mentioned in the url parameters to give the impression it's a video file when it could really be anything. And it's being downloaded from Russia.

I think it was definitely a good idea to post this. You should probably look for a better browser that doesn't treat every shady url as a download. One misclick and you can get a virus on your phone like this.

As for kbin, I recommend making an issue about this on the codeberg repository. That's the best way to get kbin to actually do something about this.

[–] Teppic@kbin.social 1 points 1 year ago (1 children)

Browsers usually offer to download files with extensions they don't recognise, basically it's the browser saying "I can't display this, do you want to download it?". In this case the file appears to have no extension as observed by OP.
I think kbin is working fine, the preview did as expected and shared the URL of a video file (but unclear why OP doesn't see this as an mp4 video file).
My guess is OP will get the same popup if he navigates to the page with the video as he did from kbin. This issue is (I think) the video file's URL, not kbin.
Nothing at this point makes me think kbin could or would have included anything it shouldn't have in the preview.

All of that said - Would I be cautious if I saw the pop-up OP shows, yes absolutely. And while what I can see isn't hostile that doesn't 100% mean the website isn't covertly doing something on occasion, or for a subset of users. It is entirely possible to make a website show different people different things.

[–] Pamasich@kbin.social 1 points 1 year ago

I agree, I also think kbin isn't doing anything wrong here. But it might still be able to take actions to prevent or mitigate this, so that's why I suggested posting about it to the codeberg repository.

[–] Teppic@kbin.social 2 points 1 year ago (1 children)

Humm. Well I've not seen it but...
Do you have auto media preview turned on?
...and if so I suspect it would be helpful if you can establish which post caused it because that really shouldn't happen.

[–] CarlsIII@kbin.social 2 points 1 year ago* (last edited 1 year ago) (1 children)

I do (because I prefer it to the squished thumbnails), but I can’t tell you which post triggered this or how I would know.

Edit: So it looks like it might be this post, as it seemed to pop up again as I was scrolling by, and it popped again when I clicked on the post (but not the link, obviously).

https://kbin.social/m/football@lemmy.world/t/342339/Atletico-Madrid-2-1-Granada-Memphis-Depay-great-goal-67

I will be blocking that community anyway since I have no interest in football.

[–] Sal@mander.xyz 2 points 1 year ago* (last edited 1 year ago) (1 children)

I'm glad you could figure it out!

I followed the link and I see that network request too. I downloaded the file and it is the video.

[–] Teppic@kbin.social 1 points 1 year ago (2 children)

I concur. I also navigated to the site and can see the .mp4 file with that name.
However the video file is 13.5Mb, not 30b. It also has a valid .mp4 extension.
I still can't reproduce the pop-up.

My best theory at this point is OP's browser is cropping the URL for some reason, which means the ".mp4" part isn't seen. The browser is then trying to save the 404 response to the request for a file which didn't exist, and had no extension.

Sorry OP, but at this point it looks like something your end.
Out of curiosity, is it an unusual browser, or any scripts/extensions running which might have corrupted the video's URL?

[–] CarlsIII@kbin.social 1 points 1 year ago

Just Firefox for iOS, no scripts

[–] Pamasich@kbin.social 1 points 1 year ago* (last edited 1 year ago)

> My best theory at this point is OP's browser is cropping the URL for some reason, which means the ".mp4" part isn't seen. The browser is then trying to save the 404 response to the request for a file which didn't exist, and had no extension.

I looked at the actual web request url it's doing for me.

https://downloader.disk.yandex.ru/disk/dfc79ab0f88295834385d89e14b27d1f687e201bf8074f21e0d0d9972096319a/64dc8782/MuDSbA9z5TnczT15nZM5t_fipdB2eZIesleov6SiJ-7hJ1g7sSwJpQ0_lNHok396G53tTWxxKw4e4Gu_L_UmFQ%3D%3D?uid=465360380&filename=7fed06c9.mp4&disposition=attachment&hash=&limit=0&content_type=video%2Fmp4&owner_uid=465360380&fsize=14161986&hid=9d62d8b95cb1158833293fffdf4deada&media_type=video&tknv=v2&etag=a5f932a629c3d365ed6d74bd3ac546e6&expires=1692173809

I don't know why they're getting a download offered in the first place for such a scam looking url, but the display on OP's image is clearly separating the url into its components and only displaying some of them (the domain and file name). The file extension isn't part of the url itself here but rather the parameters which aren't displayed here because there's usually no need to and they would take up way too much screen space on mobile.

I think hiding the parameters is a good idea. While comments suggest this is a real video file, this could have easily been a virus disguised as a video. By hiding the parameters, you're preventing unsuspecting users from putting too much trust into those parameters.

Edit: reworded the comment
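
The URL breakdown described in the comment above, as an added example that is not part of the original thread: it splits a download URL into what a compact prompt shows (domain and file name) and what is only claimed in the query string. `SAMPLE_URL` keeps the query parameters quoted in the comment but replaces the long path tokens with constructed placeholders; `describeDownloadUrl` and its field names are hypothetical.

```javascript
// Constructed sample: query parameters as quoted in the thread, path tokens
// replaced with placeholders.
const SAMPLE_URL =
  "https://downloader.disk.yandex.ru/disk/PLACEHOLDER_TOKEN/PLACEHOLDER_BLOB" +
  "?filename=7fed06c9.mp4&disposition=attachment&content_type=video%2Fmp4" +
  "&fsize=14161986&media_type=video&expires=1692173809";

// Separate what the URL path itself says from what the query string claims.
// Every query value is chosen by whoever built the link, so none of it proves
// what the response will contain; that has to be read from the response
// headers and the bytes themselves.
function describeDownloadUrl(raw) {
  const url = new URL(raw);
  const q = url.searchParams;

  // An extension only counts as "in the URL" if the last path segment has one.
  const lastSegment = decodeURIComponent(url.pathname.split("/").pop());
  const dot = lastSegment.lastIndexOf(".");
  const pathExtension = dot > 0 ? lastSegment.slice(dot + 1).toLowerCase() : null;

  const claimedName = q.get("filename");
  const size = Number(q.get("fsize"));
  const expires = Number(q.get("expires"));

  return {
    host: url.hostname,
    pathExtension,
    claimedName,
    claimedType: q.get("content_type"),
    // Assumption: the server turns this parameter into a download response.
    requestsAttachment: q.get("disposition") === "attachment",
    claimedSizeMiB: size ? +(size / 1048576).toFixed(1) : null,
    expiresUtc: expires ? new Date(expires * 1000).toISOString() : null,
    // What a prompt showing only domain + file name would display.
    shownInCompactPrompt: `${url.hostname} / ${claimedName ?? lastSegment}`,
    // True when the "video" label exists only as a query-string claim.
    typeOnlyClaimedInQuery: pathExtension === null && claimedName !== null,
  };
}

console.log(describeDownloadUrl(SAMPLE_URL));
```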

[–] CarlsIII@kbin.social 1 points 1 year ago

This prompt appeared for me while browsing all, and appeared again when I refreshed the page.

[–] Sal@mander.xyz 1 points 1 year ago (1 children)

I can't reproduce that. And I don't see any indication of any connection to yandex through the inspector when I go to kbin.social.

Could it be that you have some malware installed in your PC? Have you seen this or similar download pop-ups in other sites?

[–] CarlsIII@kbin.social 1 points 1 year ago (1 children)

This has only appeared while on kbin, while browsing all. I am not on PC, but on mobile.

[–] Sal@mander.xyz 0 points 1 year ago (1 children)

Ah! I checked with my phone and I see this:

Maybe this pop up shows up like that to you?

[–] CarlsIII@kbin.social 1 points 1 year ago (1 children)

That’s not the pop up I saw. It looked exactly like my screenshot, and appeared at the bottom of my screen.

[–] Sal@mander.xyz 0 points 1 year ago (1 children)

But did you also see this pop-up? What I am thinking is that maybe your phone processed it differently.

[–] CarlsIII@kbin.social 1 points 1 year ago

No, I have never seen that pop up. Should I be seeing it? It looks like an ad for an unnamed app that is also showing a random kbin thread