# I am the Watcher. I am your guide through this vast new twtiverse.
# 
# Usage:
#     https://watcher.sour.is/api/plain/users              View list of users and latest twt date.
#     https://watcher.sour.is/api/plain/twt                View all twts.
#     https://watcher.sour.is/api/plain/mentions?uri=:uri  View all mentions for uri.
#     https://watcher.sour.is/api/plain/conv/:hash         View all twts for a conversation subject.
# 
# Options:
#     uri     Filter to show a specific users twts.
#     offset  Start index for quey.
#     limit   Count of items to return (going back in time).
# 
# twt range = 1 6
# self = https://watcher.sour.is/conv/jh4n35a
marado
twtxt.net
View Thread
2022 is about to end, and there are still official services that send SMS texts to people telling them to follow links to https://bit.ly/somewhere . Educating people against phishing gets hard, when services' customers are educated like this...
abucci
anthony.buc.ci
View Thread
@marado We're still sending passcodes and 2FA codes through SMS. It's bad.
mckinley
twtxt.net
View Thread
@marado We really need to stop using link shorteners and QR codes, but the damage is already done.

You can put a sticker with a QR code (and no other information) on a wall in a city and people will scan it out of curiosity. They scan it, their iPhone only tells them it goes to snapchat.com (I just checked on the latest version of iOS), and they end up on my website instead because it's an open redirect.

Granted, my website is a much better place to be than snapchat.com, but you get the idea.
abucci
anthony.buc.ci
View Thread
@mckinley the problem isn't QR codes. That's just a data format. You might as well say we need to get rid of bits. The real problem is unexpected, unrestricted code execution. Which has always been the problem.
mckinley
twtxt.net
View Thread
@abucci QR codes and link shorteners can be useful, but people have been *trained* to click and scan things without doing their due diligence. Of course, mobile operating systems make it very difficult to do so because their goal is to remove as much control as is acceptable by the user.

As far as I know, you have to load the page in a browser before you can see the entire URL, giving it the opportunity to redirect somewhere else or exploit some vulnerability on your device.

I think we agree here. When the user has no control and is taught to blindly trust these things, bad things happen.
abucci
anthony.buc.ci
View Thread
@mckinley It's kind of infuriating to me, after all these years of teaching people to not click links in emails, not open up Word documents from people they don't know, etc etc etc, there's always some new automated malware delivery vector that people are trained to use and then have to be trained not to trust