> My biggest concern is that we shouldn't do anything to teach people that sometimes they CAN trust the link text rather than needing to check the actual URL they end up at.
I don't believe that "copy link text to avoid tracking" is a relevant part here, so I still don't understand why you'd want to give the impression of a text-link with a different URL. I see lots of malicious reasons, but I don't see valid ones where there is a strong case that this is a necessity. Why should we teach users that "don't trust your lying eyes, just click on whatever" is ever a good idea? Why shouldn't we teach them to not touch something that is trying to deceive them? If we teach them to ignore these things, we're making it easier for scammers.
Sure, blocking links to domains that don't match the sender's may be something as well, but I do see lots of cases where that's totally normal, i.e. me sending you an email saying "hey, I read your blog entry, and this site here does what you want". Mind you, that's just a link, it's not a link that is trying to confuse you about it's true target.
> You do expose additional information about the user's clicks and IP address. If this is something your company is concerned with
If any company isn't concerned with that, they either don't do business in Europe or they should talk to a lawyer. ;)
> If you are trying to promote the use of first-party click tracking (or just discourage third-party click tracking)
Neither is my intent, I just don't see valid reasons to pretend you're linking to one URL when you're linking to another when there's an easy alternative: put words into the linktext, not URLs.
It's like FB's idea to pressure users into giving them their passwords for their email account. Terrible idea, no valid business case ("it's easy and we can really check that they are the owner of that email account" isn't valid), but lots of reasons for malicious actors, so somebody telling you "give me your email password" is a warning sign for everybody. Trying to confuse users about what URL you're linking to is as well.
I don't believe that "copy link text to avoid tracking" is a relevant part here, so I still don't understand why you'd want to give the impression of a text-link with a different URL. I see lots of malicious reasons, but I don't see valid ones where there is a strong case that this is a necessity. Why should we teach users that "don't trust your lying eyes, just click on whatever" is ever a good idea? Why shouldn't we teach them to not touch something that is trying to deceive them? If we teach them to ignore these things, we're making it easier for scammers.
Sure, blocking links to domains that don't match the sender's may be something as well, but I do see lots of cases where that's totally normal, i.e. me sending you an email saying "hey, I read your blog entry, and this site here does what you want". Mind you, that's just a link, it's not a link that is trying to confuse you about it's true target.
> You do expose additional information about the user's clicks and IP address. If this is something your company is concerned with
If any company isn't concerned with that, they either don't do business in Europe or they should talk to a lawyer. ;)
> If you are trying to promote the use of first-party click tracking (or just discourage third-party click tracking)
Neither is my intent, I just don't see valid reasons to pretend you're linking to one URL when you're linking to another when there's an easy alternative: put words into the linktext, not URLs.
It's like FB's idea to pressure users into giving them their passwords for their email account. Terrible idea, no valid business case ("it's easy and we can really check that they are the owner of that email account" isn't valid), but lots of reasons for malicious actors, so somebody telling you "give me your email password" is a warning sign for everybody. Trying to confuse users about what URL you're linking to is as well.