Be Careful What You Click On — Man-in-the-middle attacks disguised as Twitter “branding”.

Update 10/31/2016:

Today I came across another company doing the same thing. Look out for snip.ly links. They are also compromising your security and privacy.

Update 11/26/2016:

You have to remove Linkis from a desktop browser. The correct settings page doesn’t show up in a mobile browser or app.

This is something that we educators need to teach our students as a part of Digital Citizenship.

A disturbing trend on Twitter.

In the last several weeks I have become aware of an insidious, disturbing “service” called Linkis. Linkis.com man-in-the-middle attacks your browsing to inject their content into your stream. This violates your privacy allowing Linkis to track your browsing and modify what you see on pages  you visit.

Wikipedia describes man-in-the-middle attacks:

 “In cryptography and computer security, a man-in-the-middle attack (often abbreviated to MITM, MitM, MIM, MiM attack or MITMA) is an attack where the attacker secretly relays and possibly alters the communication between two parties who believe they are directly communicating with each other.”

When contacting the people who have been using this “service” I found a disturbing trend, none of them knew that they were using it. That is right they had a service linked to their Twitter account (and possibly Tumblr) that was changing their posts without their knowledge.

How does this happen?

Linkis spreads like a virus. One person gets it but doesn’t notice the symptom of the changed link in their post. After all, with Twitter using link shortening sometimes the link changes for a valid reason. Then another unsuspecting person opens the link and when it opens it looks exactly like what they expected to find except for the URL and a box on the side of the webpage.linkis callout.png

 

Linkis then pops up a window that looks like this that can make you think that you need to click it to see the content you planned to view. If you click connect then it links to your Twitter account and you have caught the Linkis bug.

This slideshow requires JavaScript.

Once you have caught the Linkis bug then when you post a link in your tweets Linkis will replace the links in your tweets with their link. Anyone that clicks this link goes to Linkis’ site instead of the place you intended to send them and is vulnerable to accidentally adding Linkis to their account.

I figured out that I caught the Linkis bug, how do I fix it?

In order to stop Linkis you have to go into your Twitter, Tumblr, and other sites to deauthorize their access to your account. I also recommend that you report them to Twitter. The gif below shows how to do it and here are links to how-to videos on my YouTube channel. Remove Linkis from Twitter and Tumblr. Edit: 7/13/16 Videos embedded at the end of the post.

Remove Linkis

Please share this with everyone you know so that we can block Linkis from spreading. You might also think about contacting or tweeting to the Electronic Freedom Foundation (@eff) about Linkis and its man-in-the-middle attacks. The EFF is an organization that champions people’s privacy and security on the internet.

Video Tutorials (Added 7/13/2016)

6 thoughts on “Be Careful What You Click On — Man-in-the-middle attacks disguised as Twitter “branding”.

  1. Thank you for sharing this. I noticed the other day some of my incoming traffic to my blog on WordPress was coming from that link is, so I checked it out, but didn’t connect because it seemed strange and suspicious to me! Glad I found this on Twitter! I’m sharing!!

    Like

  2. I hate Linkis as i see it as theft of my content for their benefit. it is hard enough for me to find the time to write and then some jerks use my hard work for their profit?

    As far as requesting Linkis to blacklist your site, I am not sure they actually honor this. I think I have requested this 2X. If it happens again, I will file a DMCA

    Like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s