Ask HN: Why does Google still provide an open redirect for phishers?
24 pointsby throwaway8920124 days ago3 comments
  • r_lee23 days ago
    Not to mention all the translate.google.com redirects that get indexed in Google, but Google says nothing is wrong and wontfix
    • ravshan23 days ago
      Can you clarify what do you mean by that?
      • r_lee23 days ago
        There's many abusable url endpoints within Translate or at least there were recently, but when I tried to complain about it to Google, they just ignored it and said it's intended or whatever.

        from what I can remember there's pure redirects and proxied translates pages, where the page will be under translate.google.com but show the malicious page and when you then click on stuff it can continue to the abusive page directly

        but in general it takes Google eternities to do anything about abuse in their products from my experience

  • egberts123 days ago
    No notice for:

    - Linux, Debian 12, Firefox - Linux, Gentoo, Waterfox - Linux, Mint, DuckDuckGo - iOS, DuckDuckGo - BSD, terminal, Lynx

  • jprezant24 days ago
    I don't think Google would consider this an open redirect. It displays a notice and requires user interaction.
    • throwaway8920124 days ago
      It doesn't for me at all. If I go to the URL I provided in the OP, the Google server responds with a 301 status code and Location header. Both when logged into a Google account and without logging in. Strange that it behaves in a different way (?) for you.

      It will probably filter the URL through Google Safe Browsing, but that doesn't help much for phishing as they mostly use new or reputable domains, and browsers check that list on default settings anyway.

    • BenjiWiebe23 days ago
      Doesn't show a notice or require user interaction for me.

      Android, mobile Firefox.

    • andreareina23 days ago
      Firefox 146 on Arch, no notice just got redirected right away.