When I click a link in the desktop-client, I’m asked if I *really* want to open it. This doesn’t happen on Android. I can whitelist the domain that link leads to - but I’d have to repeat that for any new domain.
Do the same as on mobile Systems - Links on Desktop-Linux aren’t inherently more dangerous than on Android. Probably more like the opposite.
Alternativeley give me some option to disable this check. Settings/Advanced would be fine with me.
It is only shown for labeled links (what you see is not necessarily what you get to) and for links containing puny code.
I have some questions:
A. Is this happening on normal links, then we have a bug there.
B. would you rather have no warning at all or only a warning for puny code? or the ability to select a warn level (labeled + puny code, only punycode and no warning at all)?
PS: afaik android does not support labeled links, and for puny code it should also have a warning I believe, because that was considered a security issue in signal (CVE-2019-9970 : Open Whisper Signal (aka Signal-Desktop) through 1.23.1 and the Signal Private Messenger application through 4.35.3 for) (even though I personally would say it is out of scope for the messenger to do any checks wether links are malicious or not)
more info about the IDN homograph attack attack: Punycodes Explained | Hackaday
FWIW, regarding A: I can click regular links (those that are pasted directly as text) without any problem in DC desktop Linux.
As Ivan said, there is no problem with A. However regarding B, I think it is good as it is. But maybe add an advanced setting for users who know what they are doing, because it’s in “Advanced” section?
