UrlCheck

fria: > I really don’t think an app that sends every URL you click on to both VirusTotal and unshorten.me is a good idea. Also apps that modify your URLs are a whole other attack surface. It only sends URLs to those sites if the user deliberately taps on modules’ commands. Even then, those (and any of) modules can be completely disabled. Anything can be attack surface, Brave and Ublock Origin (which are both recommended) can also modifiy URLs, so I don’t see the point. Most of it’s modules are manual anyway. Without Virus Total, unshorten.me and Status code it otherwise only needs internet access to update lists (which are downloaded and used locally, so no internet needed to clear URLs or redirect to frontends), which can also be disabled. Apart from all that, it can work offline. > Every browser now has HTTPS-only mode, so upgrading URLs to HTTPS is a useless feature. Trying to avoid the security risk of shortened URLs by adding at least two other parties that change your URL again makes no sense, just don’t use URL shorteners or only use first-party ones. Not every app is a browser, though. I’ll admit that http to https is more of a nice-to-have, just-in-case thing. Regarding URL shorterners, If I understood well, by using them, you mean just getting through them to get to the actual link. It would be best to avoid visiting any kind of URL shorterners whenever possible, and only unshorten if there’s absolutely no choice. I think there should be a notice or warning regarding this. The app itself also recomends against unshortening links with private and sensitive data, so there should be a notice about that too. fria: > Firefox also already has the Copy Clean Link feature built in to strip tracking from URLs. Brave removes tracking parameters by default. Those two are the only ones (to my knowledge) that clear URLs at the moment. What if someone uses other browser? Would that someone have to download additional browser just to clear parameters? Or download ClearURLs or Unlock Origin which are both browser extensions? fria: > Also browsers already have a better anti-malware system called safebrowsing that you can enable if you want to. It only sends a hashed prefix of the site you’re visiting and protects your IP address with OHTTP. Firefox’s version downloads a local list and avoids communicating with Google as much. Which (as far as I can tell, correct me if I’m wrong) relies on badness enumeration and limited to just browsers. URLCheck isn’t meant for just browsers, and checks URLs via regex rules, which is the opposite approach. It’s not meant to be a replacement for safebrowsing anyway, since it only checks if the link contains non-Latin characters or not.