Ask HN: What's the worst thing that could happen if I click on an unknown link

13 canergl 8 3/26/2025, 11:43:32 PM

1- suppose any random link that you encounter in public internet

2- you click on the link

3- a new tab opens in your browser

4- you don't download anything but close the tab

now what is the worst thing that could happen after this moment?

Comments (8)

uejfiweun · 34d ago

There's no theoretical limit. That's what the concept of a "zero day" is all about. It's entirely possible that some undiscovered vulnerability allows an attacker to remotely hijack your entire PC, steal all passwords, and completely ruin your life just by opening a webpage. Is it likely? No. But in terms of the "worst thing possible" there's really no upper bound.

AlexITC · 33d ago

When I was younger I used to believe that nothing serious could happen because I don't use Windows and "I was smart enough" to not execute malware (yeah, I didn't care on downloading it; how wrong I was).

Someone already mentioned zero days but let me elaborate a bit on what can happen when visiting a website:

- Without zero days involved, you are already disclosing digital information, ip address, browser fingerprint, precise location access could be granted with relaxed browser settings, etc.

- As a dev, you may have services running locally, let's say, postgres, web servers, etc. -sometimes we install stuff and forget about it- the malicious website could access these.

- It could try using your sessions for other websites.

- It can also interact with your browser extensions, many of these do not take precautions for this.

- It can also try using your hardware, camera, microphone, bluetooth, we now even have webusb.

- It can also try to use your CPU/network for cryptocurrency mining or attacking other servers, it could even use you as a proxy while you are on the website.

- With zerodays, it could do just anything.

ironmagma · 34d ago

Well, the front could fall off. [1]

[1] https://www.youtube.com/watch?v=3m5qxZm_JqM

vonunov · 31d ago

It might not be as easy as it used to be, but when I did remote PC tech support ca. 2008-2010, all day every day was almost nothing but removing infections of rogue (fake) antiviruses and their supporting rootkits that people got via "driveby download" -- no stupid mistakes needed (unless you count browsing without an ad blocker).

Am4TIfIsER0ppos · 34d ago

> 4- you don't download anything but close the tab

Does your browser show anything in this thought experiment or are you so quick to close the tab the browser hasn't even connected to the server? If it shows anything you have downloaded something. That is how it is shown in the browser. With a malicious payload you cannot know what might happen as uejfiweun says.

roland35 · 34d ago

Believe it or not, jail

tomcam · 33d ago

how

cpach · 34d ago

One thing that could happen is that you could have seen a truly horrible image.