Is this on the main site or the forums? Clicking a non-steam link on the forums will always trigger a warning, and since Steam controls the forums and we don't, we can't turn it off. (You can just check the "Don't show this again" box.)

on the main site, on those trade notes. clicking another outpost link will trigger this, or on other white listed sites. i cant find 'dont show this again', not even in settings.

Yea I clicked on a link to another OP trade and received that warning. Found it odd.

I made it no longer show the modal for links on tf2outpost.com. If the link you're following is external, it will be shown. This is just easier than manually whitelisting links.

The problem with this approach is that people will most likely get used to it and just ignore it, and since you get the same warning for clicking on a link to steamhost.cn/steamcommunity_com or steamccmmnity.com there's no distinction between the two. I'm not saying I liked the previous approach more but this could be improved by using a word matching algorithm (I forgot the name).

Most of the phishing links I've seen are a variation of steamhost.cn/steamcommunity_com, tf2outpost.com or dota2traders.com. These could be easily detected and a big red warning could be shown to the user "This link is a potential phishing site, don't enter your login information on it". A similar warning could be shown for shortened links (bit.ly, goo.gl etc).

Well if they ignore warnings then it's their own fault. Like I said, it no longer shows the modal for links to tf2outpost.com, but does for everything else.

I still feel whitelisting was better. You just need to whitelist SR associated sites and no more. You don't need to whitelist even tinurl, tinypaste, tinypic etc. on a tf2 trading site tbh.

Just keep whitelist short and simple related to TF2 trading like steamcommunity and SR affliated sites

This is easier all round, trust me.

Originally posted by Snizza™:

Well if they ignore warnings then it's their own fault. Like I said, it no longer shows the modal for links to tf2outpost.com, but does for everything else.

Same thing can be said about people entering their information on phishing sites. If they didn't check the link first it's their fault. Browsers display a green banner in urls, it's still easy to miss. (I lost my account this way too once).

Of course it's impossible to completely fix this issue, it doesn't hurt to take extra measures against it though. I was talking about one of these algorithms:

http://en.wikipedia.org/wiki/Levenshtein_distance
http://en.wikipedia.org/wiki/Damerau%E2%80%93Levenshtein_distance

It could be used to detect links such as steamccmunity.com and give extra warnings to the user in big bold red if it's a fake website while keeping the normal warning for any other external link.

good that op links no longer get those caution message, but surely the 8 op affiliates should get the immunity as well