When is a Link a Link?

[note: Editor's Post]

To follow up on the issue of Links...

• When is a link a link?
• How can you tell if a link is good or bad?
• How can you tell if a link that worked 1 minute ago will work in the next minute?

The answer is: you can't.

There is no way for "us" to know if a link works or not. Even if the results appear to be the same as before that may not be true. A link can change in a nanosecond and "we" would never know about it.

In fact, we are not supposed to know or notice.

It's all part of the complicated underbelly of the internet. Far too complicated to explain in detail but I will try to give a summary of why any link can never be "fully trusted". Even ones you use everyday and have never had any issues with it.

The URL (Uniform Resource Locator)¹
note: I have added some spaces to prevent the actual link from forming

At the top of chain is the URL. This is the address you are trying to get to. It looks like:

• https: //
• http: //
• www

After that section comes a name (or a number) the represents the place you want to. It looks like:

• mrsbizzyb.net
• schneier.com
• guardian.co.uk

The two parts form the address of where you want to go and look like this:

• http: //mrsbizzyb.net/
• https: //mrsbizzybsayshello.blogspot.com/
• https: // www. schneier.com/
• https: //www.guardian.co.uk/

By itself it is just text. It means nothing. It does nothing. However, when placed in a browser address line, the browser scans the text and deciphers it into various internet protocols and if all goes well you get the page view you wanted.

Meaning: you would see MrsB's blog, you would see Bruce Schneier's security blog or the Guardian internet newspaper.

That's IF it goes right. But it doesn't always. And THAT is the problem.

REDIRECT and now where are you?²

Just like people move to new addresses, so do websites. They move all the time. So in order to find the right page, the internet has a "forwarding" ability to find where the page you want is now located. It isn't in the original location or for other reasons the page returned isn't the one you asked for.

If you live in the USA and you type the UK address for the Guardian, looking for the British Edition, you will get the USA one instead.

WHAT???

This:

• https: //www.guardian.co.uk/

becomes this:

• https: //www.theguardian.com/us

It ain't what you asked for but it's what you got.

You got REDIRECTed.

In the case of the Guardian, it's not malicious per se, it's because they can read a crapton of metadata about you and your computer and your history ad nausea and know that if your computer is in the USA you MUST want the US Edition and you stupidly asked for the UK one.

They are being helpful.

But many people do not enter the address at all. They use DuckDuckGo or Google or click links on webpages instead. They may never really notice the address being offered up and just click the link. Sort of a blind trust. You presume the link goes where you want but if you don't look carefully you can end up... well, where no one wants to go.

Just because the text says "Giraffe Cam" doesn't mean it goes there.

Links can be mistyped by accident or on purpose. They can be tricksie to figure out because of the way the destination keeps their pages.

These could look like:

• http: //mrrsbizzyb.net/
(2 r's)

• https: // www. schnier.com/
(dropped an "e:)

• https: //mrsbizzybsayshello.blogspot.com/2017/04/giraffe-cam.html
(changed the date)

• http: //www.reuters.com/article/usa-internet-privacy-idUSL2N1H61ZY ³
(where the heck does this go? }

People are trusting. That's a problem. One exploited viciously.

This is just the top layer of the cake. The part you can see. Under all that fondant is whole crapton of technology that can do the same thing but you won't notice or you are not supposed to notice.

Good Guys and Bad Guys

These days there is no difference between the "good guys" and the "bad guys". They do the same thing, with the same methods, for the same reasons.

One claims National Security the other claims your bank account.

They want what you have.
They know you won't give it to them.
So they take it.

Taking something without permission is generally called THEFT but in the internet: it's advertising data and you agreed to it even if you didn't agree to it.

Once you press the enter key, the speed of light happens and all kinds of equipment and locations and providers and satellites and all sorts of stuff takes place. I am not going to attempt to explain this part other than in a simpler metaphor.

Think of your request as taking a taxi.

Normally we expect the taxi driver to know how to get to our destination. We expect the trip to be fast, convenient and cheap. We expect to arrive alive and well. We expect the car to drive on roads, obey traffic ordinances and not run over pedestrians. We expect the driver to be able to talk to us or at least understand when we give the destination address or be able to read if the address is written on a paper. We presume that the roads are paved and that the traffic signals work and the GPS won't send us off a cliff. We expect the driver to accept common forms of payment and to be able to give change if needed and accept a tip for superior service. We expect the taxi to haul all our baggage too. That the trunk will accommodate all the items we are transporting and that nothing will be broken in the handling. We expect the doors to be opened, seat belts in place and air conditioning.

We expect a lot.

Even with a taxi, None of the Above happens. For every expectation, there are cases were the results are unfortunate. Sometimes it's just a laugh later about the red light that didn't turn green but sometimes it's life threatening if the driver doesn't know how to get to the hospital quickly because your health insurance company won't pay for the ambulance.

Once you press ENTER, your data is on Mr Toad's Wild Ride and you do not know where or how the request is processed.

This is by design. Techno Nerds think you are too stupid to understand, so they hide it from you.

The problem is: hiding things makes changing things very very easy.

The Good Guys and Bad Guys know all about how to change things.

• This is what they do.
• This is their career.
• This is how they get paid.
• This is how they think.
• This is what gives them pleasure.
• They like changing things without your knowledge.
• They think they are more clever than you
• They think they are more clever than the person sitting next to them
• They think they are more clever than any organization, business or government

And they are right.

So..

What to do Percy? What to do?

First Understand the easy parts: the top of the cake.
Learn to read URLs and do not go to those you cannot figure out. Reuters is a responsible company but their news identification system means you really cannot "trust" it.

Second Practice better web safety: STOP CLICKING on STUFF.
Just because someone sent you an email with a link in it DOES NOT REQUIRE YOU TO CLICK IT.

Ok, so those Cats and Cucumbers are funny but is it worth your bank account?

Third Do Not Trust.
Sad to say, Do Not Trust. Spear phishing and Social Engineering ⁴ are common methods of giving your stuff to them. These come from "trusted sources".

• My friend would never send me malware...
• Your friend was hacked and the haxors got your email from that.
  The message is not from your friend.

Fourth Become Educated.
Yes that means LEARN SOMETHING. Knowledge is your only defense because the Good Guys are NOT coming to the rescue here. They are part and parcel of the problem.

• They created them.
• They maintain them.
• They have every reason not to change.
• They will object, lie, distort, falsify and more to distract from their duplicity.

While links may not be trustworthy, there are experts worth reading, even if you understand only 1/10th of the topic. Bruce Schneier is one to learn from. You do not have to agree with everything or understand 100% of what he writes about.

He published an Op Ed piece about the upcoming changes to how USA ISPs can sell your web information. ISPs have a special position in the taxi ride: they are the roads. They know every taxi and every destination.

Snoops may soon be able to buy your browsing history. Thank the US Congress
Bruce Schneier
Thursday 30 March 2017 06.00 EDT ⁵

Fifth YOU are THE key.

You can make a difference. You can influence changes.

Because without YOU, they are NOTHING.


KimB Editor


References

1 The URL (Uniform Resource Locator)

http s://en.wikipedia.org/wiki/URL

2 REDIRECT and now where are you?

http s://en.wikipedia.org/wiki/URL_redirection

3 where the heck does this go?

Reuters.com
FRB | Wed Mar 29, 2017 | 4:54pm EDT
Vote to repeal U.S. broadband privacy rules sparks interest in VPNs
By Stephen Nellis and David Ingram

4 Spear phishing and Social Engineering

https ://en.wikipedia.org/wiki/Phishing
https ://en.wikipedia.org/wiki/Social_engineering_(computer_security)

5 Snoops may soon be able to buy your browsing history.

Snoops may soon be able to buy your browsing history. Thank the US Congress
Bruce Schneier
Thursday 30 March 2017 06.00 EDT
[note: This is an active link]
https://www.theguardian.com/commentisfree/2017/mar/30/snoops-buy-your-browsing-history-us-congress

What can telecom companies do with this newly granted power to spy on everything you’re doing?
...
They can snoop through your traffic and insert their own ads. They can deploy systems that remove encryption so they can better eavesdrop. They can redirect your searches to other sites. They can install surveillance software on your computers and phones. None of these are hypothetical.

They’re all things internet service providers have done before ....
...
Surveillance is already the business model of the internet, and literally hundreds of companies spy on your internet activity against your interests and for their own profit.

Your e-mail provider already knows everything you write to your family, friends, and colleagues. Google already knows our hopes, fears, and interests, because that’s what we search for.

Your cellular provider already tracks your physical location at all times: it knows where you live, where you work, when you go to sleep at night, when you wake up in the morning, and – because everyone has a smartphone – who you spend time with and who you sleep with.

And some of the things these companies do with that power is no less creepy. Facebook has run experiments in manipulating your mood by changing what you see on your news feed. Uber used its ride data to identify one-night stands. Even Sony once installed spyware on customers’ computers to try and detect if they copied music files.