frontpage.

Google offers a page on https://google.com/url?q=https://news.ycombinator.com/item?id=46613684 that works as an open redirect to any site since at least March 2025 [1].

As such, it often gets used by phishers to piggy-back on the domain reputation of Google by either human actors safety-squinting the domain name or systems that allowlist Google.

Google has often had open redirect problems, for example around AMP, but these seemed to be unintentional and were removed after some time. However, this google.com/url naming scheme almost seems intentional.

This is in contradiction with their own advice (2009) around open redirects [2].

Does anyone know why Google keeps this working, thereby facilitating phishers?

[1] https://www.intego.com/mac-security-blog/scammers-using-new-trick-in-phishing-text-messages-google-redirects/

[2] https://developers.google.com/search/blog/2009/01/open-redirect-urls-is-your-site-being

Show HN: Remio A second brain without headaches

How to import ChatGPT conversations in Obsidian

Show HN: SVGFix – transforms SVG path coordinates to origin, not just viewBox

Why AI works better on existing codebases

The effect of testosterone on human bargaining behaviour (2009)

Elevated error rates on Opus 4.5

System Programming in Linux: A Hands-On Introduction "Demo" Programs

Show HN: Imago – open-source AI portrait generator with guided creation

Ethernet Switching Hits New Highs

Uber Conquered Database Overload

Show HN: I built free calculators for THC, alcohol, and caffeine detox timelines

Microsoft Graveyard

Scout AI Revolutionizes Security Intelligence with Amazon OpenSearch Service

The Befunge Programming Language

Show HN: PhotoCraft – an AI photo editor I built and shipped as my first iOS app

Achieving Kafka reliability at scale with the Streaming Platform (2025)

Kuo: Apple's AI Deal with Google Is Temporary and Buys It Time

Lore, A reasoning engine that stores the "why" behind code changes

UK police chief admits policy relied on CoPilot hallucination

Jensen Huang Is Begging You to Stop Being So Negative About AI

London cracked mobile phone coverage on the Underground

Wine stable release 11.0.0 is now available for Linux FreeBSD and macOS

Show HN: I got PyTorch models running on WebGPU without ONNX export

UK government rolls back key part of digital ID plans

Premature Optimization in Entertainment Development

Private Inference

Rockstar vs. Union: We Went to Court and Saw the Evidence [video]

A 16-inch Laptop that Expands to 23.8 inches of Screen Space

I Love You, Redis, but I'm Leaving You for SolidQueue

Police chief admits misleading MPs after AI used in ban justification

Ask HN: Why does Google still provide an open redirect for phishers?