Social Enterprise

URL shortening services can pose risk to safe browsing habits

URL shortening services are eye-friendly on the Internet at large, but are they removing a layer of self-protection? Rick Vanover argues that these services can circumvent safe browsing habits.

I've been using a number of social networking services for quite a while, with instant messaging and Twitter being the ones I use most. With the popularity of URL shortening services such as bit.ly, tr.im, 3.ly, ShortURL, TinyURL,and others we lose one of our more effective pieces of vigilance for safe browsing habits. By having a masked URL, we don't know where the truncated link will take us. While we can determine where the link is, this is a cumbersome and manual process.

For example, I used this bit.ly link http://bit.ly/1cKYz on Twitter to Tweet about last week's post about finding good things within Twitter amongst the blabber. I can go to this link, http://bit.ly/info/1cKYz, to determine the long URL. I think it ripe for a browser plug-in to become mainstream for all browsers to expose the long URL so we can make that judgment call before clicking a truncated URL. Currently users can install plug-ins such as Long URL Please for Firefox. I use bit.ly for my Twitter links, so I am in a way torn on the risks here.

The way social networking services work, truncated URLs can be passed around quite a bit, and the true originator of the truncated link may not be easily determined. This again circumvents another safe browsing behavior in that we do not know the source of the link and its potential information. Further, many applications for social networking products like Twitter make it very difficult as the vast array of helper products display Tweets differently.

While we may be protected by site filtering and system malware alerts, the truncated URL introduces a risk to the long-standing common sense that can be applied simply by looking at domain names of hyperlinks. Don't get me wrong, this isn't about Twitter being bad or evil, only about the URL truncating services possibly causing a risk. Share your comments on URL shortening below.

About

Rick Vanover is a software strategy specialist for Veeam Software, based in Columbus, Ohio. Rick has years of IT experience and focuses on virtualization, Windows-based server administration, and system hardware.

12 comments
bonz.adam
bonz.adam

maybe we won't need them if we have more space to write. My url is my signature i prefer it unchanged or not shortened.

frith.kenny
frith.kenny

needs some add on app on the explorer ....i dont use mozilla, but am very reluctant to click on the tiny link users who do not know much may just clik away and get infected

kimbaslair
kimbaslair

bit.ly has a preview at least in FF it does, and I use the add-on "Hoverclue" also for Firefox which even gives the first sentence of the page in one box and a larger box that previews the 1st web page which you can scroll down. The only time it doesn't work is on redirects. I have heard it's treated the same as if you clicked on it but to me it's faster and I don't have to open unnecessary windows if I don't need to; I don't worry about landing on an "unwanted" site, that's what PC Tools and McAfee site advisor is for.

CharlieSpencer
CharlieSpencer

I used to use them here, the only quasi-social web activity I engage in. I realized I didn't like playing digital roulette every time I clicked a shortened link. I decided if I wanted people to click links I provided, I would stop expecting them to take chances, and stop encouraging the blind following of shortened links.

famigorena
famigorena

Finjan SecureTweets for Firefox & IE, a free add-on that peeks into the site behind a shortened URL, can help ...

Tink!
Tink!

I use TweetDeck for Twitter and on 90% of the shortened urls (including bit.ly) it will show you the real url first. Then you can decide whether or not to click through. It would be nice if tinyurl would just default to a preview to help provide safer browsing for everyone.

NickNielsen
NickNielsen

It's the equivalent of bit.ly's info function. For example, the tinyurl for your original post, Rick, is http://tinyurl.com/leynow. The preview URL is http://preview.tinyurl.com/leynow. You won't, of course, be able to actually go to these pages because either TinyURL has trouble with TR's links or TR has trouble with TinyURL's links: - The original URL is http://blogs.techrepublic.com.com/networking/?p=1853 - TinyURL stores it as http://blogs.techrepublic.com.com/networking/%3Fp%3D1853. Clicking on the TinyURL takes you to a TR 404 page.

LyleTaylor
LyleTaylor

I agree as well. I almost never click on a shortened URL. If you want me to click on it, then let me see what I'm clicking on without having to install some plugin, go to some special preview URL, etc. I even always hover over links to make sure that they go where they say they are, especially links received in e-mails.

csmith.kaze
csmith.kaze

I have personally shunned url shortening services for a few years now. We had a virus do a number on a few machines due to a user blindly clicking a "shortened" link (wasn't actually shortened, but was a fake url with a different hyperlink behind it).

tedcjohnston
tedcjohnston

Here's where NoScript really helps. It will block the end page from running active content unless you have added it to the whitelist. I understand that the average user will not use such a tool as they don't understand the risk, but for those of you out there who regularly visit sites that you may not trust, it is a great help.

b4real
b4real

Too many others out there won't do that, but it is good that TweetDeck is on it.

b4real
b4real

I would like it "E-Z"

Editor's Picks