Context
Messages in MeshCore may contain URLs. Currently, users have no indication when a link exhibits characteristics commonly associated with phishing, malware distribution, tracking, or other potentially unsafe content.
Examples:
- URL shorteners hiding the final destination
- Unicode homograph (lookalike) domains
- Direct IP-address links
- Executable file downloads
As MeshCore networks are often community-driven and trusted, users may be more likely to open links received from unknown nodes.
Acceptance Criteria
- URLs are highlighted (visually distinct, non clickable)
- A warning '⚠ URL Shortener Detected' is displayed for URL shorteners (bit.ly, tinyurl.com. t.co, cutt.ly, is.gd...)
- A warning '⚠ Link points directly to an IP address' is displayed for raw IP addresses (IPv4 and IPv6)
- A warning '⚠ Possible lookalike domain' for homograph / punycode domains (xn--amazn-q9a.com...)
- A warning '⚠ Downloadable executable content' for dangerous file downloads (.apk, .exe, .bat, .zip...)
Context
Messages in MeshCore may contain URLs. Currently, users have no indication when a link exhibits characteristics commonly associated with phishing, malware distribution, tracking, or other potentially unsafe content.
Examples:
As MeshCore networks are often community-driven and trusted, users may be more likely to open links received from unknown nodes.
Acceptance Criteria