Bug 1736208 Comment 20 Edit History

Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.

Sorry, but I'm still refusing to accept that adding the full download link or even "hosted on..." has any substantial safety gain.

- I think we all agree that forging the entire FileLink insert is dead-simple, right? I can just copy the HTML, tweak according to my evil purposes, and re-inject into my own message, which will look exactly like TB's original insert, but can have any links of my liking.

- As long as you keep two links, the short link (in a forged mail) can be different from the long link. So there's still 50% evil, and it's more risky than before, because you are giving users a false security that if there's a correct long link below, they don't have to verify the short link above.
- ...hosted on... looks nicer, but actually makes that security fallacy worse - now we're training users to rely on a plain-text explanation below the actual link. That's even easier to forge, and a high-risk behaviour!
- Iow, the only place to verify what the short link will really give me is the short link itself (by checking the status bar, or copying the URL).


@aleca:
- Short link URL shows up in status bar on hover, so users concerned about safety can look at that. Which actually increases the overall safety as it avoids the long-link-to-explain-short-link fallacy described above.
- Do you know how hard it is to copy a linkified long link from message reader as text using mouse selection? The only easy way is right-click on link > Copy link location. So you could just do that right-click on the *short* link, which is exactly the same, only safer.

Sorry, but I'm still refusing to accept that adding the full download link or even "hosted on..." has any substantial safety gain.

- I think we all agree that forging the entire FileLink insert is dead-simple, right? I can just copy the HTML, tweak according to my evil purposes, and re-inject into my own message, which will look exactly like TB's original insert, but can have any links of my liking.

- As long as you keep two links, the short link (in a forged mail) can be different from the long link. So there's still 50% evil, and it's more risky than before, because you are giving users a false security that if there's a correct long link below, they don't have to verify the short link above.
- ...hosted on... looks nicer, but actually makes that security fallacy worse - now we're training users to rely on a plain-text explanation below the actual link. That's even easier to forge, and a high-risk behaviour!
- Iow, the only place to verify what the short link will really give me is the short link itself (by checking the status bar, or copying the URL).


@aleca:
- Short link URL shows up in status bar on hover, so users concerned about safety can look at that. Which actually increases the overall safety as it avoids the long-link-to-explain-short-link fallacy described above.
- Do you know how hard it is to copy a linkified long link from message reader as text using mouse selection? The only easy way is right-click on long link > Copy link location. So you could just do that right-click on the *short* link, which is exactly the same, only safer.
