HackerTrans
トップ新着トレンドコメント過去質問紹介求人

rsbadger

no profile record

投稿

Show HN: Storage.to CLI, upload a file, get a link

3 ポイント·投稿者 rsbadger·6 か月前·0 コメント

There and Back Again – An Ecommerce Tale

shoprocket.io
1 ポイント·投稿者 rsbadger·4 年前·0 コメント

How to setup a secure file server with Nginx

medium.com
4 ポイント·投稿者 rsbadger·4 年前·0 コメント

“Magic links” can end up in Bing search results, rendering them useless

medium.com
537 ポイント·投稿者 rsbadger·4 年前·233 コメント

Show HN: Shoprocket.io – Turn any website into a shop in seconds

shoprocket.io
12 ポイント·投稿者 rsbadger·4 年前·1 コメント

Trustpilot Extorts Businesses

medium.com
1 ポイント·投稿者 rsbadger·4 年前·0 コメント

コメント

rsbadger
·4 年前·議論
Unfortunately not - the links were indexed and shown in Bing search results
rsbadger
·4 年前·議論
I do have a robots.txt to block this directory. But Bing only listens to that for what to crawl, not what to index.
rsbadger
·4 年前·議論
I’m fairly certain they are. My links ended up indexed in Bing search results. The only place they were ever rendered was in private emails to users. Bing should not be indexing that.
rsbadger
·4 年前·議論
Exactly that.
rsbadger
·4 年前·議論
This is very useful information. You’d really hope that private emails would be excluded by default…
rsbadger
·4 年前·議論
The only purpose of this link was to verify that the email address is valid. Once it’s verified, you can login.
rsbadger
·4 年前·議論
Many people (most?) prefer to signup to services by email address. To do so, those email addresses must be verified. How would you verify it without sending them an email link?
rsbadger
·4 年前·議論
You’re right that it was a bit of an oversight on my behalf, as the links were only generated after a verified human user action (signup) I had assumed the 1 time links to their email would be safe. But regardless of the link action, it shouldn’t be passing that data to Bingbot to crawl and (possibly) index in search engine results. Private email data should not be shared with search engine crawlers IMO.
rsbadger
·4 年前·議論
I would be pretty mortified if browsers were using user browser sessions to scan content and pass it to bingbot…? What about if you’re browsing something local? Or your bank account?
rsbadger
·4 年前·議論
Almost all of them. A good example is Dropbox link you send to someone. I could generate this link to a private file in my Dropbox, email it you, and Bing (may) index it.

https://www.dropbox.com/s/vucien2ns8jktga/denim%20bodywarmer...

I doubt many people realise this when they email "private" links...
rsbadger
·4 年前·議論
Exactly - seems the safest way is to explicitly block known bots by user agent from even reaching pages you don't want indexed.
rsbadger
·4 年前·議論
You may be seeing a stale version, try this: https://shoprocket.io/robots.txt?bypass=1

(I made a lot of changes today when testing all, including "visit as Bingbot" from their webmaster tools with and without the URL blocked by robots.txt)
rsbadger
·4 年前·議論
Quite possibly…
rsbadger
·4 年前·議論
They were indexed in Bing results, I’ve shared the URL of that in this thread
rsbadger
·4 年前·議論
I don't think that's very surprising for most people, the real takeaway is that not only will Bing read your emails, but they may also index any links you send and serve them in search results.
rsbadger
·4 年前·議論
Exactly. I also noticed Bing had accessed some non microsoft tokens too. Even gmail accounts were affected. I assume some people have connected their gmail account to the outlook client?
rsbadger
·4 年前·議論
Exactly. From what I've heard today it sounds like most apps have an extra step between the email link and the login, usually a JS step, to check for bots.

Not adding that was my downfall I think.
rsbadger
·4 年前·議論
AFAIK, most of those "private" links are actually just "unlisted" but they're still public. I'm sure Bing is indexing those too...
rsbadger
·4 年前·議論
Absolutely
rsbadger
·4 年前·議論
Yeh I was a bit reluctant to post that as it doesn't look great for my app! But here's the results: https://www.bing.com/search?q=https%3A%2F%2Fshoprocket.io%2F...