Previous posts in this discussion:
PostThe Dangers of Clicking on Links: A Primer (A. J. Cave, USA, 12/21/20 7:22 am)
Before I unpack the dangers of clicking on a link (URL) in an unsecure environment like "little ol' WAIS," I ought to clarify couple of misconceptions.
My comment about the US military branches being SolarWinds customers, didn't mean they are using off-the-shelf software. The Orion network management software is a proprietary piece of software that runs on Microsoft's Windows operating system.
Mini OS Primer (optional reading):
An operating system [OS] is like the big bad boss that controls everything that happens on a device (a piece of hardware). There are five main operating systems:
Linux (open source)
Microsoft Windows (proprietary, on almost all PCs)
Apple macOS (proprietary, competitor of Windows in the Apple universe)
Google Android (open, mobile operating system for android smartphones, based on Linux)
Apple iOS (proprietary, mobile operating system for iPhones)
The majority of mission-critical (really important stuff) software is written for Linux, mostly because it is open source, meaning it has been debugged by bazillion developers for free.
Apple macOS doesn't have a big enterprise mission-critical footprint, and Google is trying hard, but the big desktop OS players are Linux and Windows. And as God and everyone else knows, Windows is buggy and crappy, but certainly not cheap. That's why Bill Gates is one of the richest people on earth. The advantage of developing something on top of Windows OS is that Windows is already in a lot of (almost all) enterprises, so it's an easier sale, because there is already a sales relationship in place.
In the mobile world (the future), Apple and Google dominate the OS market, with Microsoft being a bit player.
Now, why reposting and clicking on email links is bad:
How many times you have gotten official-looking emails from a bank or a credit card company or Yahoo that says "we have suspended your account, clink [here] to verify your information"? How do you think they got your email or your information?
Or, how many times you have heard of some unsuspecting soul clicking on a link or opening an attachment that crashed the entire networks of companies? Or hacked various organizations?
In plain (accented) English, a website (like the WAIS website) is like a house that is built and lives on a server (a physical computer) somewhere. I don't know where WAIS website moved after it left the Stanford University servers. But wherever it is physically located, waisworld.org is like the street address of that house.
The WAIS posts, in form of emails sent to WAISers and posted on the website, are mini websites themselves. When those emails are sent out daily, they "travel on various roads" to get to the email inboxes of WAISers. Those roads are the various networks, like AT&T, or T-Mobile, or others, and in case of networks outside of US, the emails are handed off to international network operators, like BT, or Vodafone, or Telefonica, or Orange, or NTT Docomo, and the rest. The way the emails travel on these roads (networks) vary from riding private cars (secure networks, difficult to hack), limousines, taxis, gypsy cabs (unsecure, easily hacked), or whatever Lyft is available.
Now, if these emails (mini websites) contain links (hyperlinks) to third-party content, you actually really don't know where clicking on that link would take you, because you can't see the code that is generating that link. That goes for clicking on images too.
That link could be "phishing," meaning it would take you to a fake website, grab some information off your device, and then redirect you to the real site, without you realizing it.
Or, the link could take you to a website that would immediately infect your computer with a malware or virus (really bad stuff), that could lock down your computer for ransomware, or download a keylogger (something that captures your every key stroke and send them along to someone).
Those really creepy long links, even if they are links to legit websites, have a lot of tracking code attached to the actual link to track that link wherever it goes and report back to the tracking software, usually for a fee (or alternatively, for targeting those readers directly with similar stories). It works like this: somebody reads something on a website and puts the link to that piece in her email and sends it to a group. If, let's say, 10 people click on that link, the website gets a report and charges the advertiser for 11 views--the original reader and the 10 who clicked on her link, instead of just the original reader.
The big danger with links has to do with how those emails (content) are actually sent across the networks. The way we actually send content and information around on networks is a bit complicated. Everything digital is either a zero or a one--on or off--and the way they are shuffled around is by breaking them into smaller packets for speed and efficiency and distribute the load across the networks evenly. Each packet has a head and a tail. These packets could take various routes depending on the traffic cops (routers) that are directing the traffic in the networks. When these packets arrive at their destination, they are reassembled into the original format by matching those heads and tails. If these routes are open and unsecure, any virus can attach itself to those packets without the sender or receiver of the emails knowing. It's like driving in muddy waters. Your car gets muddy no matter how good a driver you are.
To avoid getting held up by highway robbers or getting muddy, you can travel in an armored car. That's what is called end-to-end encryption. The email and everything in it is locked before it is sent out and is unlocked at the destination. But that doesn't still make the link inside the email any safer.
A lot of emails and a lot of links from trusted sources, like Wikipedia, are usually fine. But they can easily be corrupted and sometimes it is hard to tell the difference. So, no good reason to risk it.
JE comments: Many thanks for your patient explanation, A. J. I do check every link/URL that goes into a WAIS post, primarily to ensure that it works. I also cull out anything that looks suspicious. But the malefactors are clever at outsmarting even the most vigilant--and I'm anything but a techy guy.
This is a good opportunity to remind WAISers of our editorial "norms" (I should republish them soon): Please, no more than three links in a post, unless more are absolutely necessary.