Feb
14
2011
URL Shortener. Solution or Security Risk ?

Ok i have to admit that large urls are un-friendly, difficult to share and sometimes have privacy info.
Url shorteners provide anonymity and a short-friendly url to use and share.

But they are also a security risk! Browser security is something that we take very light, but we shouldn’t!

When someone sends me a url shortener i have to use a web browser to click on it and see the destination page. With simple urls i have to just mouse over (firefox 3) to see the destination.
Sometimes people send me spam or urls that i dont wish to open or see.

I believe that the design of url shorteners is just wrong!
People should be able to see or even test the urls before they click and open on them.
Browser hijacking is one form of malicious code that url shorteners make it extremely easy !

An idea:

Like google’s “Instant is on”, a similar action should be done with url shorteners.
With mouse over (or whatever else you like) the destination domain/url should reveal to the client.
And then if he/she agrees to verify for open the destination url to a new tab/window.

A simple chrome/firefox extension shouldn’t be that hard.

Or you have a different opinion ?

  1. Avatar di Giorgos Keramidas Giorgos Keramidas

    Friday, February 18, 2011 - 09:46:06

    I would be <em>very glad</em> if an extension was written that recognizes links from 99.999% of the URL shortener sites and changes click-through behavior of browsers to pop up something like the link box of Google Docs: <a href=”http://twitpic.com/40zzcn”>http://twitpic.com/40zzcn</a>.

    This way when you click on a shortened link you get to <em>see</em> the actual link content and explicitly ask the browser to “yes, I really want to open this shortened link”.

    If the extension could also be configured to do the right thing for most shortened links and included exceptions for link-target patterns (e.g. exceptions of the verification popup, based on regexp matching of the <em>target</em> of the short link), it would absolutely rock!