The Rational Rejection of Security Advice by Users (microsoft.com)
27 points by mrduncan on March 17, 2010 | hide | past | favorite | 9 comments



Every email I get with a url in it gets hovered over to examine the target of the link in the status bar. I'll never click a link without examining where it goes. This is why I very rarely click shortened urls, because I don't know where they go. It is also one of my pet peeves with flash plugins, because I can't right click on them and see where the content is coming from, of course if it is in my browser, it's already too late.

It may not be in the best interest of my time, mathematically, but I won't stop examining urls. For my internet databases behind websites, I always use random strings for the name of the db, the usernames, and the passwords. I never need to type them directly, so they can be extremely complicated, long, and nearly impossible to remember.

I want to reduce the risk that someone can associate www.somesite.com with the database behind it. If they do that, then they also have to figure out the weird username and pass. But if the database behind somesite.com is somesite_db and the user is somesite_user, then I'm already in trouble. Instead, somesite.com is backed by a database called 3ksxi32kkk329 with a username of 2391kkxkw329049 and a password of asdlkfjl2k3j2ol3iosioci923002309899*7232$!939120012klk3129x9d923lsd923lse923lll212--0342lsiii
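The "hover and read where the link really goes" habit from the comment above can be automated for a batch of links. The following is an added example, not code from the thread: it pulls each anchor out of a constructed HTML e-mail snippet, reports the host the browser would actually connect to, and flags links whose visible text names a different host than the href (all domains are example placeholders).

```python
"""Added example: examine where e-mail links actually point.

For each <a> tag, report the effective target host and flag a mismatch
when the visible link text itself looks like a URL or domain that differs
from the href's host. All sample input below is constructed.
"""
import re
from typing import Optional
from urllib.parse import urlsplit

# Constructed sample: three anchors as they might appear in an HTML e-mail.
SAMPLE_HTML = """
<a href="https://example.org/paper">the whitepaper</a>
<a href="http://short.example/2aBcDeF">http://www.example.com/report</a>
<a href="https://accounts.example.net/login">accounts.example.net</a>
"""

ANCHOR_RE = re.compile(r'<a\s+[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
# Visible text that is a URL or a bare domain, with optional scheme and path.
HOSTLIKE_RE = re.compile(
    r'^(?:[a-z][a-z0-9+.-]*://)?([a-z0-9.-]+\.[a-z]{2,})(?:[/:?#].*)?$', re.I)


def effective_host(url: str) -> str:
    """Host a browser would connect to; urlsplit discards any userinfo,
    port and path so that only the real host is returned."""
    return (urlsplit(url).hostname or "").lower()


def text_host(text: str) -> Optional[str]:
    """Host claimed by the visible text, or None if the text is plain words."""
    m = HOSTLIKE_RE.match(text.strip())
    return m.group(1).lower() if m else None


def examine_links(html: str) -> list:
    """Parse every anchor and decide whether its text and target agree."""
    results = []
    for href, text in ANCHOR_RE.findall(html):
        target = effective_host(href)
        shown = text_host(text)
        results.append({
            "text": text.strip(),
            "target_host": target,
            # Only a mismatch when the text itself claims a different host.
            "mismatch": shown is not None and shown != target,
        })
    return results


if __name__ == "__main__":
    for r in examine_links(SAMPLE_HTML):
        flag = "MISMATCH" if r["mismatch"] else "ok"
        print(f'{flag:8} "{r["text"]}" -> {r["target_host"]}')
```

A shortened link such as the second one is not itself a mismatch by this rule; it only reveals that the displayed destination and the real first hop differ, which is exactly what hovering shows and what the commenter distrusts.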


I think you missed the point. I would assume most people on hacker news know how to read urls and do it on a daily basis. For you the cost of finding where a link goes is minimal.

Most people elsewhere do not know how to read urls. Their cost for learning to read urls and remembering how to find out where a link goes is higher than they are willing to pay and statistically more expensive than not doing so, despite the risks!


> Most people elsewhere do not know how to read urls

True, and probably an understatement. Many people, perhaps even most of them, don't know what a URL is, let alone how to interpret its components.

These are the people whose ultimate means of navigating to something is to type its name, or something like its name, into the browser search box. Assuming they pay any attention to URLs at all, they presumably treat (e.g.) the "www.mcdonalds.com" that they see on a print ad as a special magic keyword that can be typed into Google. And so it is.


> Most people elsewhere do not know how to read urls. Their cost for learning to read urls and remembering how to find out where a link goes is higher than they are willing to pay and statistically more expensive than not doing so, despite the risks!

It doesn't even need to be statistically more expensive to be rational. Perhaps users may just be unable to forecast how much learning to read URLs will benefit them, and thus risk-aversion [1] prevents them from making the time investment.

[1] The use of risk-aversion on this meta-level is kind of ironic, if you don't look too closely.


tl;dr ->

...The cost-benefit tradeoff for most security advice is simply unfavorable: users are offered too little benefit for too much cost. Better advice might produce a different outcome. This is better than the alternative hypothesis that users are irrational.


This is a very interesting whitepaper and makes a lot of sense. Worth reading, especially around here.

The person to innovate in a way that capitalizes on this research is going to make a lot of money.


> The person to innovate in a way that capitalizes on this research is going to make a lot of money.

Isn't this the very definition of 'capitalize'?


I'm not even sure it's possible. Much of electronic stuff is fundamentally difficult to secure, e.g. PGP.


Does this paper represent one of those "Only Nixon could go to China" moments?



