Careful with Those Shortened Links

by Daniel Scocco

Tinyurl.com started the trend some years ago, and now URL shortening services are everywhere, from social bookmarking sites to mainstream media sites which have their own shortening engines.

In a web that more than ever moves at 140 characters at a time, those services are quite handy (especially the ones that let you track the statistics). Shortened links also have a drawback, however, which is the fact that you can’t see where the link is pointing. Bring malicious users into the picture, and you can see the security risks. There are websites that will try to inject malware in your system as soon as you visit it. Others that will try to set special filters in your Gmail account and so on.

If you want to be safe, therefore, only click on shortened links if you trust who created them. If you must or want click on a link but don’t know if it is legitimate, use a URL unshortening tool. There is one over at Sucuri.net that will reveal the real URL behind the link and make checks with Google and with SiteAdvisor to make sure the website is safe to be visited.

shortened-links

Do you know other tools that will do that? A Firefox extension that checks the safety of shortened links on the fly would be nice, but I haven’t seen one around yet.

Got Your Free eBook?


  • Subscribe to the Daily Blog Tips newsletter and you will be able to download the "Make Money Blogging" eBook for free.
  • You will also receive tips to improve your blog, strategies to make money and useful resources from around the web.
ebook cover

Related Articles

Subscribe

42 Responses to “Careful with Those Shortened Links”

  1. InternethowBlog on July 17th, 2009 4:34 pm

    I think this tool is really cool. To be honest I never trusted the shorURLs and always approached them with care. I never knew there were a tool which reveals the shortened URLs. Really cool. Thanks

  2. Sos Gospel on July 17th, 2009 4:57 pm

    Do you ever think if one of this “URL shortening services” point the link to other URL, or remove old links?

  3. Nicholas Z. Cardot on July 17th, 2009 5:18 pm

    Thanks for the tip. I didn’t know that was possible!

  4. Daniel Scocco on July 17th, 2009 5:19 pm

    @Sos Gospel, I don’t get what you mean.

  5. Tony on July 17th, 2009 5:25 pm

    Daniel, I don’t know if you’re familiar with Long URL Please (Firefox add-on). I’ve been using it for a while and it does the job – it works with a considerable number of shortening engines. It expands the url for you automatically so you can at least have a clue of where you’re heading to.

  6. Thoma Daneau on July 17th, 2009 5:28 pm

    LongURL Firefox Addon does that also :
    https://addons.mozilla.org/en-US/firefox/addon/8636

  7. R Edward Vernon on July 17th, 2009 5:38 pm

    Speaking of, we just developed a url shortening tool that actually scans the url against stopbadware.org using googles safe surf api database before it creates the url. It also creates a rdf statement for the goto url on the shortened link. Here’s an example:

    Original url: http://www.dailyblogtips.com/c.....ned-links/

    Shortened Link: http://sur.gd/daily-blog-tips

    RDF statement w/ custom fields: http://sur.gd/daily-blog-tips/rdf

    It also has stats for you link so you can see who/what/when and where your clicks are coming from.

    We’re actually going to launch it out as an open source platform and develop a wordpress plugin for it. That way you can use your own domain for shortened urls. This lets you brand your business instead of bit.ly or tinyurl and your readers will know it’s safe.

    Best of all it’s going to be free. Anyone can set up a free account there now and test it. It’s fully functional it’s just not prettied up yet. And we haven’t finished the wordpress widget.

    Cheers

  8. Steve on July 17th, 2009 5:53 pm

    Nice looking tool. First time I have heard of it.

  9. Ludwig Weinzierl on July 17th, 2009 6:12 pm

    The Firefox extension NoRedirect (https://addons.mozilla.org/en-US/firefox/addon/11787) might be of help here.

    It can preview/screen “shortened” URLs (e.g., TinyURL).

  10. Dan Cole on July 17th, 2009 6:55 pm

    If your running WordPress, then you can use post ids as short URLs. Then it has your domain name and your in control.

    I personally don’t care for short URLs as a visitor, because they don’t provide any information.

  11. Christina Crowe on July 17th, 2009 7:07 pm

    Thanks for the tip! I see shortened links everywhere. It’s good to know the dangers of such things and how to avoid them.

  12. Cheryl B on July 17th, 2009 8:23 pm

    Thanks for the heads up on the danger and the solution. I hadn’t even considered the danger. I do not understand those who create malware. I guess it’s the internet version of vandalism.

  13. Tamar Weinberg on July 17th, 2009 9:36 pm

    …or, if you have Firefox, use TinyURL decoder for Greasemonkey: http://userscripts.org/scripts/show/40582

    1. Install Greasemonkey
    2. Install TinyURL decoder
    3. PROFIT!

  14. John on July 18th, 2009 3:07 am

    I only click shortened links that sound humanly created. In addition, I look at the twitterers past updates. If they look like spam, I don’t click it.

  15. Melvin on July 18th, 2009 3:41 am

    you’re right. In fact a lot of people are using those url shortening service to rickroll people… LOLz…

  16. Obaid on July 18th, 2009 4:59 am

    I am very happy with using untiny

    http://www.untiny.ws

    it has a firefox add-on and a Gtalk Bot

    Untiny supports 164 tiny services

  17. Daniel Scocco on July 18th, 2009 8:40 am

    @Tamar, thanks for sharing that one.

  18. Daniel Scocco on July 18th, 2009 9:03 am

    @Tony and Thoma, I will check that one out, thanks.

  19. Boerne Search on July 18th, 2009 10:41 am

    Very true. I have been using tinyurl.com for years. Then when Twitter came out I saw people posting about it like it was brand new. I trust them, as I said I have used them for years. But it is a good idea to look up some of the ones you have never seen/heard of before. Thanks for the heads up. In the words of Randy Jackson “Good lookin out” :)

    Kane

  20. BloggerDaily on July 18th, 2009 12:30 pm

    Yes, it’s really dangerous to click without checking first what it is. Some shortened url brought me to malicious website and I really aware with shortened URL after that.

    Thanks for the information! I really hope there’s Firefox add-on to check the real source of the shortened URL.

  21. Brian D. Hawkins on July 18th, 2009 12:55 pm

    I just ran across one of those tools yesterday. I wish I had thought of it.

    Deception is a real problem with short URL services. I have a small tracking site and went to a ‘paid only’ service because of the abuse. It’s a pretty bad feeling when an attorney contacts you representing a large bank about a major phishing scam that’s using your service. I’ve had no problems since requiring a monthly fee via PayPal.

  22. Rocque on July 18th, 2009 2:58 pm

    Most people have already commented exactly what I wanted to share about shortened urls. I am a member of Orange Leads and they have a service now, too. (I did not put my affiliate link or shortened link). If you want to check that out, it would be interesting to know what people thought of it. If you want me to add my link to mine just let me know, and I will.

    Thanks for daily blog tips!

  23. Ajith Edassery on July 18th, 2009 4:49 pm

    Sucuri looks cool. Shortened URLs can be especially dangerous on twitter and email marketing services.

    Retweeted ;-)

  24. cam on July 18th, 2009 10:35 pm

    Thanks for the tip. Most of the tiny urls I come across are affiliate links but I will definately bear this in mind. Thanks again.

  25. Zemalf on July 19th, 2009 5:06 am

    Thanks for the Sucuri.net tip. I wonder if TweetDeck uses that or similar service through API, as I’ve liked the “preview link” feature on that a lot, as it shows the end URL of the shortened link just like Sucuri seems to do.

  26. George Serradinho on July 19th, 2009 7:30 am

    I am also worried about clicking on short urls, you have absolutely no idea where you are going. Thanks for listing Sucuri.net, I will see how they work and might even post about it.

  27. Klaus at TechPatio on July 19th, 2009 2:52 pm

    This reminds me. In a recent issue of the UK edition of MacFormat, a reader complained about TinyURL’s, also mentioning the same you do. But also that you could easily mistype the URL, sometimes the URL’s are case sensitive, so getting just one character wrong could send you to a bad site.

    I actually prefer tr.im for my twitter URL’s, it’s very short and it will “auto claim” url’s that you tweet when they are posted from your own twitter username. I don’t know if other services do that as well, I suppose they might.

  28. Tim | Inspiration Central on July 19th, 2009 6:33 pm

    I never thought that someone would point a shortened link to a malicious URL. It’s amazing what some people will do for almost no benefit whatsoever.

    Thanks for the heads up.

  29. Tehseen | Ijaar on July 19th, 2009 7:37 pm

    You can use http://www.DeTinyIt.com to see the full URL for any shortened one.

    You can also do http://preview.tinyurl.com/xxx to see the complete URL behind any TinyURL.

  30. GoBusiness101 on July 20th, 2009 1:23 am

    This is not good for those affiliate marketers. which i think they are using it right now.

  31. Chester on July 20th, 2009 2:27 am

    This is very useful post. Thanks for sharing them.

  32. Liane YoungBlogger on July 20th, 2009 6:15 am

    I was Twitter has that feature directly accessible in the account. Lots of cloaked spammy links now :(

  33. Tom Bradshaw on July 20th, 2009 10:20 am

    Thanks i hadn’t heard of Sucuri.net before now. TinyUrls are useful, although I don’t like it when newspapers or magazines use them because you can never remember them.

  34. Blog Ebooks - Claus D Jensen on July 20th, 2009 11:44 am

    Great advice. I have personally never heard of such an url unshortening tool before. So thank you!

    Greetings,
    Claus D Jensen

  35. Tom Brownsword on July 20th, 2009 5:03 pm

    Rex Swain has an awesome HTTP viewer that safely displays the contents of any HTML page in your web browser. It also follows redirects and shows where the redirect points to (and will do so even for multiple redirects).

    It’s a bit “geeky”, perhaps, but as a computer security pro, I love it and use it all the time.

    Here’s the link:

    http://www.rexswain.com/httpview.html

    HTH,
    Tom Brownsword, CISSP, GCIA, Security+, ITIL V3 Foundations
    (not to mention a blogger…!)

  36. Naomi Hamm on July 20th, 2009 6:09 pm

    You know that is real good sound advice about that, cause otherwise some of us internet dummies would never know,if someone in the know who does know and then we all know all because of this blog article. And thanks a lot to you for sharing this piece of advice that we all can use from time-to-time, as we do our internet blogging, research and etc……….Take care and great work on that info on what to do about it.

  37. Nickson on July 20th, 2009 11:07 pm

    If in case ur visiting them then its good to have “no scripts” firefox addon to make sure that u dont get attacked by some malicious script.

  38. vbb on July 21st, 2009 12:25 am

    Another way to get short URLs is hosting it on your own URL,say dailyblogtips.com/xcvf1 .It will not only be safe but also shows at least the main domain where you are going.But for that your own URL should be short-another reason to have shorter domain names :-)

  39. Ken Nicholas on July 22nd, 2009 3:40 am

    Very good points made here. I was recently running an ad on Craigslist [that was first mistake, perhaps] for my Sales consulting services. A VERY innocuous-looking email came to me, offering “Tips” for better marketing tools, etc.

    The note was ‘blind’, and just said, ‘May we suggest…?’, with a shortened URL. Out of normal instinct or reaction, I was one millisecond from clicking on it…exactly what these dirtbags are counting on us to do.

    Thank god I didn’t click on it…I hope YOU don’t either…!

  40. Darmawan on July 22nd, 2009 3:44 am

    Thanks for this great advice.. I never click on this shorten URL
    I’m afraid it takes me to malicious sites
    By using this tool, it’ll remove this concern

  41. Surveys For Money on July 29th, 2009 12:25 pm

    I can’t believe I didn’t think about how dangerous shortened url’s could be. Now that I am, Sucuri’s tool is great to protect against malware and the like. Thanks for sharing about them, I will definitely be using their tool in the future.

  42. Azterik Media on December 17th, 2009 2:22 pm

    Thanks for the link to the “unshortner”. This is going to be a great way to find out BEFORE visiting a spam website instead of afterwards.

Got something to say?





Sponsors

Say Goodbuy to AdSense web directory Performance Based SEO Flex Theme for WordPress 20% Off on Shared Hosting BlueSEO

Recent Articles