
Ok, but what's unfurling? As far as I can tell, this is just tricking the thing that tells you the target domain of a shortened link? But if you clicked the link, you could just see the link though, right? How is this fooling anyone?


Unfurling is the process of fetching additional information (title, description, image) and showing that on the platform itself. Twitter does it, Facebook, Slack too.

On Slack you can implement custom unfurling that does more than just show the title/description/image. See docs here: https://api.slack.com/reference/messaging/link-unfurling. I'm currently building one such custom integration.


> Ok, but what's unfurling?

I've never heard the term before now, but I interpreted it to mean following redirects to get the end page.

> But if you clicked the link, you could just see the link though, right? How is this fooling anyone?

It fools you before you click the link. After you do, you're no longer fooled, as long as you pay attention to the URL bar. The obvious problem is people who don't pay attention to the URL bar.

Another problem might be you're forbidden from viewing certain sites at work, you see a link that goes to news.ycombinator.com knowing that's safe, but then go to a forbidden site instead.

Another problem would be browser 0-days. A link to news.ycombinator.com would be safe assuming it hasn't been compromised itself, but a different website might spring a browser 0-day on you.


Unfurling is showing the preview of the link within the tweet.
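
Added example, not part of the thread or written by any commenter: a defender-side check for the mismatch discussed above, comparing the domain a preview shows with the host a link's redirect chain actually ends on. The redirect table is constructed and stands in for real HTTP responses; every host except news.ycombinator.com is a placeholder, and the function names are hypothetical.

```python
from urllib.parse import urljoin, urlsplit

# Constructed sample data: URL -> value of its Location header.
# A URL that is absent from the table answers without redirecting.
REDIRECTS = {
    "https://short.example/abc": "https://news.ycombinator.com/item?id=1",
    "https://short.example/xyz": "https://tracker.example/r?u=1",
    "https://tracker.example/r?u=1": "/landing",  # relative Location
    "https://short.example/loop": "https://short.example/loop",
}
MAX_HOPS = 5  # assumption: a preview service should cap the chain length


def resolve(url, lookup=REDIRECTS.get, max_hops=MAX_HOPS):
    """Follow redirects hop by hop. Returns (chain, error_or_None)."""
    chain, seen = [url], {url}
    while True:
        location = lookup(chain[-1])
        if location is None:
            return chain, None
        # Location may be relative, so resolve it against the current URL.
        nxt = urljoin(chain[-1], location)
        if nxt in seen:
            return chain, "redirect loop"
        if len(chain) > max_hops:
            return chain, "too many redirects"
        chain.append(nxt)
        seen.add(nxt)


def host(url):
    """Lower-cased hostname without port, userinfo or trailing dot."""
    return (urlsplit(url).hostname or "").lower().rstrip(".")


def check_preview(shown_domain, link):
    """Compare the domain the preview displays with where the link ends."""
    chain, error = resolve(link)
    result = {"final_host": host(chain[-1]), "hops": len(chain) - 1}
    if error:
        result["verdict"] = "unresolved: " + error
    elif result["final_host"] == shown_domain.lower().rstrip("."):
        result["verdict"] = "match"
    else:
        result["verdict"] = "mismatch"
    return result


if __name__ == "__main__":
    for link in ("abc", "xyz", "loop"):
        url = "https://short.example/" + link
        print(url, check_preview("news.ycombinator.com", url))
```

A "mismatch" or "unresolved" verdict is the case where a preview should show the final host, or no domain at all, rather than the one it was handed.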



