[Enigmail] First signed message -- Is tinyurl.com safe and reliable?
Robert J. Hansen
rjh at sixdemonbag.org
Sat Aug 23 21:17:10 PDT 2008
James Gillespie wrote:
> This is no doubt an old and settled issue on this list, but I could find
> no way to search the list archives for past discussions.
Google is your friend. E.g., a few months ago I wrote a detailed
explanation of why there is no difference between a bad signature and a
missing signature. To find it, I go to Google and enter:
site:mozdev.org enigmail "Robert J. Hansen" signatures
Lo and behold, "On signatures" is the fourth link listed.
> Zone Labs does not advise connecting to tinyurl.com. ZoneAlarm Spyware
> Blocker blocks the site by default. Gurus on the ZA forum claim that
> tinyurl.com "does not check and bar links containing malware" and that
> it "is known to actually send the user to the wrong site or list".
I think ZoneAlarm is being unreasonable. TinyURL is just a link
redirector. Expecting TinyURL to also check for malware and hostile
sites is an unreasonable burden. Think about how much more difficult
TinyURL's job would be if they had to scan all sites they link to for
malware -- not just when the URL first goes up, but _constantly_, since
the contents of a URL can change over time.
That said, I would not visit a TinyURL link that was sent to me by a
person I did not know/trust.
More information about the Enigmail
mailing list