Follow

@infosechandbook@mastodon.at That's why I mentioned initially that I'm concerned that they'll open the number of websites up after a while.

I don't mind the current way of link previews, but I'm quite sure it won't stay that limited. And that again open up the mentioned attack vector.

About the proxy implementation: The proxy can't mask the UA as do a layer 4 proxying. So it's up to the client implementation. That again doesn't seem to implement any special mitigations to hide the UA.

Sign in to participate in the conversation
Sheogorath's Microblog

This is my personal microblog. It's filled with my fun, joy and silliness.