I'm working on improving routing on Coracle, and ran into the issue of deep-linking creating attack vectors for malicious links. To a certain extent, this is unavoidable, people can always direct someone to a bad event or link unless there's no navigation at all.
I'm more concerned about attackers being able to inject a malicious relay into Coracle, for example https://coracle.social/notes?relays=wss://my-evil-relay.com in order to phish someone's pubkey and correlate their identity.
How bad is this? I'm inclined to leave relay deep-linking out. But then relays are a resource in their own right, so I don't know if it's possible. Maybe ask for user approval before connecting to any relay not in their own relay list? This would cover malicious relay injection via NIP 65 as well.
I really need to read more about how outbox works... Example, someone posts a reply to a note. Client looks up the inbox/read relays for the key that posted the OP, posts the reply there as well as any outbox relays(optional). Then a new pubkey replies to that, do they lookup the inbox/read for the previous 2 keys then?
🤔
Possibly, but I doubt any clients do that currently.
