Allow to disable "do you want to open this link?" on desktop

When I click a link in the desktop-client, I’m asked if I *really* want to open it. This doesn’t happen on Android. I can whitelist the domain that link leads to - but I’d have to repeat that for any new domain.

Expected behavior

Do the same as on mobile Systems - Links on Desktop-Linux aren’t inherently more dangerous than on Android. Probably more like the opposite.

Alternativeley give me some option to disable this check. Settings/Advanced would be fine with me.

Example Images

It is only shown for labeled links (what you see is not necessarily what you get to) and for links containing puny code.

I have some questions:
A. Is this happening on normal links, then we have a bug there.
B. would you rather have no warning at all or only a warning for puny code? or the ability to select a warn level (labeled + puny code, only punycode and no warning at all)?

PS: afaik android does not support labeled links, and for puny code it should also have a warning I believe, because that was considered a security issue in signal (CVE-2019-9970 : Open Whisper Signal (aka Signal-Desktop) through 1.23.1 and the Signal Private Messenger application through 4.35.3 for) (even though I personally would say it is out of scope for the messenger to do any checks wether links are malicious or not)

more info about the IDN homograph attack attack: Punycodes Explained | Hackaday

FWIW, regarding A: I can click regular links (those that are pasted directly as text) without any problem in DC desktop Linux.

As Ivan said, there is no problem with A. However regarding B, I think it is good as it is. But maybe add an advanced setting for users who know what they are doing, because it’s in “Advanced” section?

1 Like