Comment by justusthane

2 days ago

> Doppelganger campaigns use specialized links that bounce the visitor’s browser through a long series of domains before the fake news content is served

What’s the purpose of being bounced across several different domains before arriving at the destination? I’ve noticed this behavior when accidentally clicking on sketchy ads, but never stopped to think about it.

It bypasses a lot of the checks they do on the initial site when submitting to ad networks. It also allows custom redirections based on user agent, potential IP location, etc. Common in phishing.

Reminds me of how Okta and similar handle logging in. Feels like 10 thousand redirects later.. training users that behavior is okay

  • I literally just implemented an Okta integration with an internal tool yesterday, so let me offer a little insight on why this happens. I have an existing tool. The guy in charge of it doesn't want me breaking anything, but we want to add an SSO flow to avoid having to log in.

    So I need an "SSO login page", which fetches some configuration data, stores it, generates some shared tokens, hands them to the browser, and then redirects the user to an Okta endpoint. Okta, for some reason, doesn't directly serve the login screen at that endpoint, so it captures the tokens I gave the browser, then redirects to its login page. The user logs in on the Okta page, which then redirects the user back to a page that I specified, which (since I don't want to touch the fragile 10,000 line PHP document that is the application's home page) is a separate page, which gets some information from the browser, makes a request to another Okta endpoint, at which point the user can be authenticated, logged in, and then sent to the home page of the app.

    Basically, the most standalone way of handling the problem involves 4 redirects.

  • I despise how my university's login system just redirects several times (sometimes getting stuck, reloading and redirecting multiple times, and then occasionally shitting me out on the logged out screen, wondering WTF happened).

    I cannot fathom how their IT staff allows things to be that way. One redirect ideally. Two max. Three, and I'm assuming you don't know what you're doing, at all.

    • > I cannot fathom how their IT staff allows things to be that way. One redirect ideally. Two max. Three, and I'm assuming you don't know what you're doing, at all.

      Welcome to Microsoft/Live/Bing/Skype/Edge/...

    • The problem with university login systems - at least here in Germany/Europe - is this global federation system that's also backing EduRoam. Authentication flows there are insanely complex, not to mention dealing with known quirks of some university's implementation...

    • If only it were that simple. You can thank Apple, Google and their war on cookies for that.

In addition to what the other comments said, it also would allow for first-party cookies to be set for those domains.

Not sure if that's the purpose, but it could potentially be used for tracking, monetization, etc.

A lot of Microsoft services do this, too. Though, that's probably incompetence.
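
The SSO flow described in the Okta comment above (a login page that generates tokens and redirects, then a separate callback page that makes one more request) can be sketched as follows. This is an added example, not code from the thread or from Okta. It assumes the standard OAuth 2.0 authorization-code flow with PKCE, that the "shared tokens" are the `state`, `nonce` and PKCE values, a server-side session dict, and hypothetical URLs and client ID.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlencode

# Hypothetical values for illustration; none of these come from the thread.
AUTHORIZE_URL = "https://idp.example.com/oauth2/v1/authorize"
CLIENT_ID = "example-client-id"
REDIRECT_URI = "https://tool.example.com/sso/callback"


def start_login(session: dict) -> str:
    """First redirect: create per-login secrets and send the browser to the IdP."""
    session["state"] = secrets.token_urlsafe(32)     # binds the callback to this session
    session["nonce"] = secrets.token_urlsafe(32)     # later compared with the ID token's nonce
    session["verifier"] = secrets.token_urlsafe(64)  # PKCE secret, kept out of the browser
    digest = hashlib.sha256(session["verifier"].encode()).digest()
    challenge = base64.urlsafe_b64encode(digest).rstrip(b"=").decode()
    return AUTHORIZE_URL + "?" + urlencode({
        "response_type": "code", "client_id": CLIENT_ID, "redirect_uri": REDIRECT_URI,
        "scope": "openid", "state": session["state"], "nonce": session["nonce"],
        "code_challenge": challenge, "code_challenge_method": "S256",
    })


def handle_callback(session: dict, query_string: str) -> dict:
    """Last redirect: the standalone callback page validates before using the code."""
    query = parse_qs(query_string)
    expected = session.pop("state", None)  # single use: a replayed callback finds nothing
    received = query.get("state", [""])[0]
    if not expected or not hmac.compare_digest(expected.encode(), received.encode()):
        raise ValueError("state mismatch: response does not belong to this login attempt")
    if "error" in query:
        raise ValueError("IdP returned error: " + query["error"][0])
    code = query.get("code", [""])[0]
    if not code:
        raise ValueError("no authorization code in callback")
    # Parameters for the back-channel token request made by the callback page.
    return {"grant_type": "authorization_code", "code": code,
            "redirect_uri": REDIRECT_URI, "code_verifier": session.pop("verifier")}
```

The `state` check is what lets the callback page tell a response to its own login attempt apart from a link someone else crafted, which is why the extra hops cannot simply be collapsed into one.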