[nycbug-talk] The Security Implications of URL Shortening Services

George Rosamond george at ceetonetechnology.com
Sat Apr 4 13:57:28 EDT 2009


Andy Kosela wrote:
> Ray Lai <nycbug at cyth.net> wrote:
> 
>> http://unweary.com/2009/04/the-security-implications-of-url-shortening-services.html
>>
>> I post this because some people on this list (*ahem* George) love
>> tinyurl. I never understood why there's so much love for these
>> services. They introduce latency, obfuscate the target, and add a
>> layer of dependency: tinyurl, believe it or not, may go down!
>>
>> Thoughts?
> 
> Good read.  I never really liked those type of "services".  You don't
> have to be a mastermind to conclude that such shortened URLs can take
> you to a place where you don't want to go to.
> 
> "The most obvious risk associated with URL shortening is that it's
> difficult to know where the URL will take you, until you click it. The
> true destination of the URL is opaque."
> 
> Is there a way to check such URLs before clicking on them?
> 

wget?  Just a thought.

Can't traceroute a tinyurl.

Yeah, can't argue with the article, and always had my issues with 
tinyurl stuff esp masquerading the actual URL.  Even if it's valid, I'd 
like to know if it's worth my time.  Esp if Ray posts it ;)

But we all know that it has been a 'quick' solution to long sloppy URLs, 
and there's reasons that many people began using tinyurl and similar 
services *because* of technical lists. . .  I mean, even list archive 
links can be very long.

g



More information about the talk mailing list