One of the weirder parts of this to me is this:

> After publishing this piece, multiple BleepingComputer readers have pointed out an anomaly with the TLS certificate issued for the 'search.app' domain.

> To add confusion, search.app's certificate has the Common Name (CN) set to fallacni.com, a French language website that claims to help you "find your national identity card."

> BleepingComputer further noticed that the same SSL certificate is in use by more than a hundred domains, shown below, which are hosted on the same Firebase server (IP address 199.36.158.100)

Is this typical for how Firebase (and similar offerings) work? Is there any risk of one site on a shared Firebase server being able to MITM users that are colocated on the same IP and using the same certificate, or is having a separate domain enough to mitigate this? I'd never considered the idea of entirely unrelated (and separately owned) domains sharing an identical TLS certificate before, and I'm not enough of a crypto/security person to be able to immediately think through the ramifications of this.
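The shared-certificate question above, as an added example (not code from the thread, from BleepingComputer or from Firebase): how a TLS client decides which names a certificate covers, run over a constructed certificate in the dict shape that `ssl.SSLSocket.getpeercert()` returns. The tenant names besides search.app and fallacni.com are placeholders; the matching rules follow RFC 6125 (Subject Alternative Names decide, the Common Name is ignored once a SAN extension is present).

```python
"""Hostname verification against a shared multi-SAN certificate (added example)."""

# Constructed sample mirroring the article: the CN names one tenant, the SAN
# list covers many more. Only search.app and fallacni.com come from the thread.
SHARED_CERT = {
    "subject": ((("commonName", "fallacni.com"),),),
    "subjectAltName": (
        ("DNS", "fallacni.com"),
        ("DNS", "search.app"),
        ("DNS", "*.search.app"),
        ("DNS", "tenant-one.example"),   # placeholder co-tenant
        ("DNS", "tenant-two.example"),   # placeholder co-tenant
    ),
}


def san_dns_names(cert):
    """All dNSName entries in the SAN extension: the names a client will accept."""
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]


def _dns_name_matches(pattern, hostname):
    """RFC 6125-style match: case-insensitive, '*' only as the whole leftmost
    label, never spanning more than one label, and no '*.tld' wildcards."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        return len(p_labels) >= 3 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def matches_hostname(cert, hostname):
    """True if hostname is covered by the SAN list. The CN is not consulted, so
    search.app's certificate carrying CN=fallacni.com is not itself a defect;
    what matters is that search.app appears among the SANs."""
    names = san_dns_names(cert)
    if not names:
        return False  # no SAN extension: reject rather than fall back to the CN
    return any(_dns_name_matches(name, hostname) for name in names)


def co_tenants(cert, hostname):
    """Other names the same key pair can serve. Whoever holds the private key
    (here the hosting provider, not the individual site owners) can answer for
    every one of them; a co-tenant without that key cannot use the certificate."""
    return [n for n in san_dns_names(cert) if not _dns_name_matches(n, hostname)]
```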
Review: the article finds multiple instances of users saying that, when sharing from the Google Discover built-in web frame, it prepends a link-shortener-type website, allowing Google to intermediate the link.

The article speculates that it can be used for sender and receiver tracking, but also offers a positive option, which would be blocking malicious shares.

No explanation is given by Google when reached.
Google Chat has been redirecting every clicked link through Google's domains for a while now.

Which is sketchy too, and I don't understand how this is OK with their business and corporate customers.
These companies want us to reduce phishing, etc. attacks by being smart and looking at URLs before we click on them. Then they obfuscate them constantly like this so we can't see the actual URL. Then they wonder why phishing attacks constantly keep working.

This is every single company. Just trying to log into my doctor's patient portal, I go to my doctor's website, which redirects me to some weird 3rd-party URL, which sends me to some authentication URL, then finally to the patient portal after I log in, which is back to another URL. And the business names are never in the URLs. It's always "mypatientportal" or some URL with some old business name from a company that got acquired.

The most annoying thing is these fuckers keep blaming the users for getting phished. Just keep training the users. More training. More training that doesn't seem to be helping for some reason.

But here's more proof that they put metrics and data gathering over actual security. People need to learn how URLs work for fuck's sake and start pushing back against their company when they do this shit. It always goes ignored everywhere I work.