[Standards] The Open Graph protocol
xmpp at larma.de
Tue Nov 10 15:25:24 UTC 2020
On 10.11.20 15:23, Jonas Schäfer wrote:
> In this case, please discuss the security implications in regards of phishing.
> With sender-side rich preview, spoofing of such previews becomes trivial. I
> imagine a spoofed rich preview to be even more dangerous than the typical <a
> href="badsite">goodsite</a> in an HTML email.

Absolutely. However this also applies to MUC generated previews as MUC
servers in general cannot be considered trustworthy (even though many
clients nowadays just do that). Also servers are not able to look into

Also it's not said anywhere that the link preview can be clicked on at
all. If you can only click on the actual link in the original message,
spoofing what is displayed below is far less of an issue.

Also regarding phishing: Nothing keeps me (as a phisher) from actually
using the same opengraph tags on the phishing site as on the original
site, so even a server generated preview does not protect in any way