This is my first entry in my new “Tips and Tricks” category. Every so often, I will be posting my favorite technology-related advice. If you have a tech question, or if you have a favorite tip, feel free to contact me or leave a comment.
URL shortening tools have really exploded in popularity over the past few years. If you use Twitter or similar sites at all, you have more than likely encountered the use of such tools. Bit.ly and TinyURL are among the most popular URL shorteners. What these tools do is take a long Internet address and make a shorter version of it. For example, instead of posting http://www.engadget.com/2010/02/26/nvidia-optimus-equipped-asus-n61jv-x2-n71jv-x1-hit-the-us/ on their Twitter account, Engadget used the shortened version: http://bit.ly/9ul1to. URL shorteners have been around for a while, but Twitter and other microblogging sites have accelerated their growth, because users don’t want to waste precious characters on URLs.
Now, you may be asking, “What’s with the title of this blog entry, then? URL shorteners sound very useful!” That’s true; when used properly, there is nothing inherently wrong with these tools. I use bit.ly myself to shorten the URLs for my blog posts when I link to them on Twitter. That being said, not everyone has the most wholesome intentions in mind, and URL shorteners can in fact be used for malicious purposes.
Short URLs can very easily be used to redirect someone to a malicious site that could attempt to download spyware or viruses onto a PC. Furthermore, they can be used in phishing schemes. A phishing attack involves sending someone to what appears to be a legitimate site. Usually, the site will appear to be a banking site or something of that nature (PayPal, for example). It will request your user information and make you think you are dealing with the actual site the whole time, but in actuality, the site is a well-designed fake. Short URLs help perpetrators because the real destination is hidden, so unsuspecting victims never see the actual URL before they click.
In short, it’s generally fine to trust a short URL from someone you know or follow on Twitter. However, a short URL from an unknown entity should always be verified. LongURL is a great tool to expand short URLs. You can go directly to www.longurl.org/expand to use their web-based interface and input a URL, or you can use their Firefox add-on (unfortunately, the add-on does not work with the latest version of Firefox and no other alternatives exist at the moment). I highly recommend using this or a similar tool to check unknown short URLs before following them blindly.

I agree completely. Even though I don’t work in IT directly anymore, I can still recognize this as a serious danger to casual users. And honestly I’m not sure that there is a good solution to this.
Yes, there are URL expanders and verifiers (like tinyurl.com has). But who uses those? Maybe a casual user who only comes across one every once in a while, or one who has one that looks suspicious… but as someone who sees a shortened URL multiple times a day it’s just not practical.
The best “solution” is to become educated about the warning signs both before and after you click the link. Like typos in emails and strange characters in the URL once you get there. Knowing what to look for is more than half the battle when it comes to preventing malicious activities.
My opinion – take it for what you will.
David Needham
http://enjoycreativity.com
Comment by David Needham — February 26, 2010 @ 2:01 pm
Good points. There’s definitely a trade-off; shortened URLs make life easier for the content creators but somewhat less convenient for the content consumers.
And yeah, I don’t know that there’s a better way to do it unless they move to institute some kind of standard – maybe work with the web browsers to create a safer and more secure way to use short URLs.
Comment by Alex Popoutsis — February 26, 2010 @ 4:06 pm
I have noticed a few sites using custom short URLs – TechCrunch (tcrn.ch) and the Green Bay Packers (pckrs.com), for example. That’s one possible solution.
Comment by Alex Popoutsis — March 1, 2010 @ 10:32 am
Yeah, that seems to be the best practice, though I’d even shy away from using a link that looks similar to another website but not the same URL. Kinda like what I said above, typos or URLs that look familiar but are slightly different are red flags that it’s not legit.
If techcrunch is shortening a link, make it techcrunch.com/1234. It’s still short, sweet and clearly still from techcrunch.com. I read an article on how to do this recently. Might look into it for http://enjoycreativity.com someday, though it’s obviously a better plan with people who have shorter root URLs already.
Comment by David Needham — March 4, 2010 @ 11:12 pm
Short URLs on your own domain is a great idea… I might look into that myself.
Comment by Alex Popoutsis — March 5, 2010 @ 1:06 am
Here’s where I found it. I liked his suggestion for adding #keyword at the end of the url to give the reader an idea what it is… if you can afford the letters.
http://esev.com/blog/review/host-your-own-url-shortener-10-php-apps-reviewed/
Comment by David Needham — March 5, 2010 @ 1:27 am
Very nice, thanks for the link.
It looks like hosting your own URL shortener is not only good for trust purposes, but for SEO as well.
Comment by Alex Popoutsis — March 5, 2010 @ 1:32 am
[...] in February, I posted about the hidden dangers behind shortened URLs. In the comments, David Needham mentioned the possibility of self-hosted URL shorteners to help [...]
Pingback by Alex Popoutsis :: Blog — August 26, 2010 @ 3:56 pm