
It said so as it's HTTP, not HTTPS.


Maybe so, maybe that's all it thought was scary. Luckily for me, I had no intention of downloading the item as it was an accidental click while trying to click a different window. It just so happened to come from a suspicious-looking IP-only address with a PDF about manga. So it just worked out in my favor.

You can't deny that it is a very suspect link even if giving benefit of doubt that surely an HN user would never post a link to something untoward, right?


What makes it more suspicious other than the lack of a domain name? Would you trust it more if it was http://righto.com/MangaGuidetoMicroprocessors.pdf instead? (using Ken's blog as an example) Or did you do an IP lookup in your head that told you this IP is related to malicious activity?

What if it has HTTPS instead? Would that make it less risky for you? (From my understanding of HTTPS, it wouldn't. Maybe make it harder for other people to see that you're viewing a pdf..)


Basic self protection of the internet is don't click on suspicious links.

PDFs are known vectors of malware.

PDF only links as submissions to HN receive their own mod to the title to indicate that it is a PDF for multiple reasons.

Using a term like manga is click baity as well, as it will help lure people in to clicking a link. A common ploy for people needing to use ploys.

I was mainly upset that with all of the effort I go to in order to not click suspicious links, this is how it happened. It also just happens to be a suspicious looking link that for whatever reason(s), my browser decided it would not download it. For me, this worked out just fine as I had no intention of attempting to download it.


> Basic self protection of the internet is don't click on suspicious links.

You still haven't explained why you think it's suspicious. You keep getting close and then avoiding actually explaining; is it PDFs that are suspicious? Raw IPs? Unencrypted HTTP? Describing it as "manga"?


What? It's the sum of all of those reasons. Getting close to what? I just point by point listed the things about the link that made me leery. Good lord, why is it so hard to believe that I felt the link was just odd and definitely worth hesitation on validity.

If you feel it is hunky-dory to just click willy nilly never think about it lalalala all the live long day, then click away. You do you. Me, I tend to see links like that and take pause on if I feel the risk of following that link would be worth the potential reward. I make these types of decisions all day long while traversing the web, reading emails, tweets, etc


Videos also get modified by HN btw. I have Firefox HTTP warning turned on as well, so I assume that's what you saw.

I still don't understand what you found so sus about my link, as it's exactly relevant to the thread here. It's not uncommon to see links in HN threads that bypass paywalls for example.

Ig there's no conclusion to be reached other than, be more careful next time? If you are really worried, you could sandbox your Firefox with Qubes OS.

EDIT Just noticed that Ken must've seen this thread.. @kens well played! You got me good :D


Why are you taking this so personally? If it were normal, I would be very hesitant to click a link that looked like yours. I've already stipulated that a bit of benefit of the doubt on another HN viewer would be less likely to post suspect links, but bots are aplenty.

I've already listed my reasons, and I really don't think there was fault in any of the reasons for my personal "keeping safe on the intwebs". You may find that in your day to day life, you are much more cavalier about links you click. You do you, I'll do me.

However, it's 2022 now, and to not be using HTTPS is pretty much just a whole level of not trying very hard. So much so, the browser warned against it.


I don't see how HTTPS is related to the safety of a file. The problem is not that you have your reasons, it's that they seem irrational/show a lack of technical understanding and this is HN so of course people will challenge you.


If you don't understand how HTTPS protects one's safety while traversing the wilds of the internet, then I would posit it is you that doesn't have technical understanding of how things like MITM are a bad thing. Everyone that has challenged is focused on one single aspect vs the holistic view of it. Given any one thing of the reasons I posted may not be enough on its own, but added all together the link becomes something I would/do choose to ignore.


But there is nothing to MITM here, it’s a link to a file. Either you trust the person posting the link or not, but the host and the protocol are irrelevant in that case to evaluate if it’s safe or not, period. It’s not that people are challenging details, it’s that your concept of holistic view makes no sense here, there is nothing to add together.

Also having that wrong mental security model makes you more vulnerable (i.e. you’ll be less on your guard when seeing https and a reputable host, where you shouldn’t and apply the same level of scrutiny).


Yooo, that's the full book right there. Thanks!


While PDFs can contain malware and for some reason people trust hosts with domain names more than bare IPs, the sole reason Firefox showed the warning was because you attempted to download a file via HTTP from an HTTPS page - it had nothing to do with the file type or bare IP.

The reason for that is browsers already have some methods of differentiating between HTTP and HTTPS when displaying web pages, but not for downloads. So folks at Mozilla decided to implement a feature that warns the user in this specific situation. Personally I disabled this feature (block_download_insecure in about:config) but for the majority of the population it might be a good thing.


Interestingly, Firefox for Android didn't complain about it.



