Today I came across another company doing the same thing. Look out for snip.ly links. They are also compromising your security and privacy.
You have to remove Linkis from a desktop browser. The correct settings page doesn’t show up in a mobile browser or app.
This is something that we educators need to teach our students as a part of Digital Citizenship.
A disturbing trend on Twitter.
In the last several weeks I have become aware of an insidious, disturbing “service” called Linkis. Linkis.com man-in-the-middle attacks your browsing to inject their content into your stream. This violates your privacy allowing Linkis to track your browsing and modify what you see on pages you visit.
Wikipedia describes man-in-the-middle attacks:
“In cryptography and computer security, a man-in-the-middle attack (often abbreviated to MITM, MitM, MIM, MiM attack or MITMA) is an attack where the attacker secretly relays and possibly alters the communication between two parties who believe they are directly communicating with each other.”
When contacting the people who have been using this “service” I found a disturbing trend, none of them knew that they were using it. That is right they had a service linked to their Twitter account (and possibly Tumblr) that was changing their posts without their knowledge.
How does this happen?
Linkis spreads like a virus. One person gets it but doesn’t notice the symptom of the changed link in their post. After all, with Twitter using link shortening sometimes the link changes for a valid reason. Then another unsuspecting person opens the link and when it opens it looks exactly like what they expected to find except for the URL and a box on the side of the webpage.
Linkis then pops up a window that looks like this that can make you think that you need to click it to see the content you planned to view. If you click connect then it links to your Twitter account and you have caught the Linkis bug.
Once you have caught the Linkis bug then when you post a link in your tweets Linkis will replace the links in your tweets with their link. Anyone that clicks this link goes to Linkis’ site instead of the place you intended to send them and is vulnerable to accidentally adding Linkis to their account.
I figured out that I caught the Linkis bug, how do I fix it?
In order to stop Linkis you have to go into your Twitter, Tumblr, and other sites to deauthorize their access to your account. I also recommend that you report them to Twitter. The gif below shows how to do it and here are links to how-to videos on my YouTube channel. Remove Linkis from Twitter and Tumblr. Edit: 7/13/16 Videos embedded at the end of the post.
6 thoughts on “Be Careful What You Click On — Man-in-the-middle attacks disguised as Twitter “branding”.”
Thanks for sharing this!
You are welcome. I don’t hate much but dispicable compaines that take advantage of people are on that short list.
Thank you for sharing this. I noticed the other day some of my incoming traffic to my blog on WordPress was coming from that link is, so I checked it out, but didn’t connect because it seemed strange and suspicious to me! Glad I found this on Twitter! I’m sharing!!
I also found out today that if you contact Linkis dirrectly they will put your site on a “blacklist” that will make their service forward people to your correct URL, but they still track that.
I hate Linkis as i see it as theft of my content for their benefit. it is hard enough for me to find the time to write and then some jerks use my hard work for their profit?
As far as requesting Linkis to blacklist your site, I am not sure they actually honor this. I think I have requested this 2X. If it happens again, I will file a DMCA