Opened 5 years ago

Closed 5 years ago

#15529 closed defect (fixed)

Redirects to spammy sites from Sched.org shortlinks

Reported by: cypherpunks Owned by:
Priority: Medium Milestone:
Component: HTTPS Everywhere/HTTPS Everywhere: Chrome Version:
Severity: Keywords:
Cc: stacy.konkiel@… Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

I've been noticing that in Chrome 41.0.2272.101 (64-bit) with HTTPSEverywhere enabled, shortlinks from Sched.org have been redirecting to spammy sites. For example,

http://sched.co/2FQm

redirects to

http://wellnesshealthyliving.ownanewbusiness.com/1085/laci-le-beau-super-dieters-tea-natural-60-bags/

I've run a malware detection program on my machine and it's coming up empty. Is there _any way_ that the HTTPSEverywhere Chrome extension could either be a) causing that or b) the problem is actually that the Sched.org shortlink resolver has been hacked and HTTPSEverywhere is actually _preventing_ these spammy sites from siphoning data from my machine?

I'm stumped.

Thanks!

Child Tickets

Change History (4)

comment:1 Changed 5 years ago by arma

Component: - Select a componentHTTPS Everywhere: Chrome

comment:2 Changed 5 years ago by cypherpunks

I can confirm what you're seeing.

Sched.co links are rewritten to bit.ly links by HTTPS Everywhere internally, maintaining the relative part of the URI. This causes the faulty redirect to spammy URLs.

You can see this is what's happening by replacing the 'sched.co' with 'bit.ly' manually when browsing while HTTPS Everywhere is disabled. You'll end up on the same spammy sites.

comment:3 Changed 5 years ago by cypherpunks

Thanks, very glad to know that my machine hasn't been compromised!

comment:4 Changed 5 years ago by jsha

Resolution: fixed
Status: newclosed

Yes, this was a bug in the bit.ly vanity domains rule. That rule is disabled in the latest version (5.0.1) so the issue should be fixed. This also showed an interesting bug where Chrome and Firefox interpreted the rulesets differently: https://github.com/EFForg/https-everywhere/issues/1339

Note: See TracTickets for help on using tickets.