
Demonstrating URL Spoofing on BlueSky

⏱ 0:09 🌐 video.infosec.exchange

[BlueSky](https://bsky.app/) uses a protocol called [AT Protocol](https://atproto.com/guides/overview). When submitting posts via ATProto, clients must pre-generate link preview cards. Whilst this takes load off the receiving server (and the websites themselves), it also gives posters the ability to [trivially insert fake links](https://www.bentasker.co.uk/posts/blog/security/bluesky-posting-enables-misinformation-and-phishing-campaigns.html). The protocol also allows arbitrary text to be turned into a link. This video shows [a skeet](https://bsky.app/profile/bentasker.co.uk/post/3k52qqns7vo2b) which appears to link to BBC News but is actually a rick-roll.
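A client or moderation tool can check for the "arbitrary text as a link" case by comparing the text a link facet covers with the host it really points to. The following is an added example, not code from the video or from the Bluesky project; it assumes the post record layout of the `app.bsky.feed.post` lexicon (`facets`, `byteStart`/`byteEnd`, `app.bsky.richtext.facet#link`), and the sample record and hosts are constructed.

```python
import re
from urllib.parse import urlparse

LINK_FEATURE = "app.bsky.richtext.facet#link"
# Visible text that itself looks like a URL or bare hostname, e.g. "bbc.co.uk/news"
HOSTLIKE = re.compile(r"^(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})(?=[/:?#]|$)", re.I)

def _host(value):
    """Lower-cased hostname without a leading 'www.', or '' if there is none."""
    host = (urlparse(value).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host

def find_mismatched_links(record):
    """Return (visible_text, actual_uri) pairs where the text names another host."""
    raw = record.get("text", "").encode("utf-8")  # facet offsets count UTF-8 bytes
    findings = []
    for facet in record.get("facets", []):
        idx = facet.get("index", {})
        span = raw[idx.get("byteStart", 0):idx.get("byteEnd", 0)]
        shown = span.decode("utf-8", "replace").strip()
        m = HOSTLIKE.match(shown)
        if not m:
            continue  # plain words as anchor text: nothing to compare against
        shown_host = _host("https://" + m.group(1))
        for feature in facet.get("features", []):
            if feature.get("$type") != LINK_FEATURE:
                continue
            if _host(feature.get("uri", "")) != shown_host:
                findings.append((shown, feature.get("uri", "")))
    return findings

# Constructed sample record (not the post from the video); hosts are placeholders.
SAMPLE = {
    "text": "Résumé of the story: news.example.org/article and https://docs.example.net/a",
    "facets": [
        {"index": {"byteStart": 23, "byteEnd": 47},
         "features": [{"$type": LINK_FEATURE, "uri": "https://video.example.com/watch"}]},
        {"index": {"byteStart": 52, "byteEnd": 78},
         "features": [{"$type": LINK_FEATURE, "uri": "https://docs.example.net/a"}]},
    ],
}

if __name__ == "__main__":
    for shown, uri in find_mismatched_links(SAMPLE):
        print(f"link text {shown!r} actually points to {uri}")
```

The check only fires when the visible text itself looks like a URL or hostname; the title and description on a link preview card are also supplied by the poster and are not covered here.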

↗ https://video.infosec.exchange/w/qBJ46MTJqrYWcUjcii4xXZ
bluesky atproto spoofing security