Security and Privacy Implications of URL Shortening Services
URL shortening services replace long URLs with shorter ones and subsequently redirect all requests for the shortened URL to the original long URL. In this paper, the authors discuss and empirically analyze security and privacy risks caused by the use of URL shortening services. They empirically determine the most popular URL shortening services currently used on Twitter and analyze these with respect to malicious behavior, user tracking, ease of enumeration, and leakage of URLs to search engines. Also, they introduce a new attack scenario to enable SSL-only circumvention using SSLStrip and shortened URLs.