Instagram's URL Blackhole | Hono Hacker News

▲

121 points bytkp-4151 day ago |10 comments

▲ghxst6 minutes ago

The use of "storage.googleapis.com" is probably because it's an "authority" domain that apps can't easily ban without side effects. Buckets can typically be used as a static site host where u can host a client side redirect, depending on how you set it up you can make it almost impossible for an app to ban a campaign in real time.

▲written-beyond6 hours ago

I want to thank you dear poster and author, I feel genuinely refreshed reading a short interesting post sans status quo topic.

Waiting for the next part!

▲0______03 hours ago

Right? It's so short and...just ends. Been too fatigued reading essays on just about everything. I loved this one.

▲hdjY284 hours ago

FOA means “family of apps”. Source: Meta’s quarterly earning reports

▲samename6 hours ago

Ironic the Apple App store allows a "phone antivirus" to exist.

▲xp843 hours ago

Almost unbelievable that they allow this - except of course they do, because scamware makes a ton of money via in-app purchase, and Apple gets 30%, so of course they do. I'm sure people will come out of the woodwork now to white knight for Apple and spin this somehow. But anything that offends their business model can be removed in minutes, while software that by its title violates the App Store rules is just here indefinitely.

▲halapro19 minutes ago

Curated App Store, they said. Might have been true in 2010

▲ronsor6 hours ago

Funnily enough that's given as an example of a prohibited type of app in their review guidelines.

▲krackers4 hours ago

But it's rated 4.4 stars! I'm guessing it hoovers your contacts and tries to get you to sign up for the IAP subscription.

▲jsheard4 hours ago

The meta these days is bundling dodgy SDKs which turn the device into a residential proxy, which then gets sold on to the highest bidder. Mostly AI companies, whose desire to scrape literally everything has driven demand for that type of malware into the stratosphere.

▲selridge6 hours ago

Ironic seeing this as a medium post.

▲est1 hour ago

It's fun and all, is there a way to safely host .html but does not allow rendering it?

CORS? sec-fetch-dest, sec-fetch-mode and sec-fetch-site ?

If storage.googleapis.com weren't operated by Google, the domain would be blocked by Google's "Safe Browsing" long time ago.

▲kccqzy9 minutes ago

> If storage.googleapis.com weren't operated by Google, the domain would be blocked by Google's "Safe Browsing" long time ago.

Not true. You just need to make it an eTLD by adding it to the public suffix list. Only subdomains of domains on the PSL can be marked by Google’s Safe Browsing.

▲gruez1 hour ago

Serve it with content-type set to text/plain and browsers won't try to render it. You can try a random html file on github. If you click raw it'll get rendered as text.

▲neya2 hours ago

How does Apple allow this? Here I thought the App Store was supposedly superior to the Android eco-system and that's why Apple justified the insane 30% tax on developers back then

▲alex11385 hours ago

I thought this was going to be about how links have become harder and harder to follow on Insta. The login walls got progressively stronger (it feels like) and now it's just hard blocked

Sorry, Zuck. Not signing up for Insta, though you probably made a shadow profile of me

▲paulpauper7 hours ago

lol "your iphone is severely damaged by viruses"

Facebook was known to aggressively filter URLs too if posted too often.