Careful with Those Shortened Links
Tinyurl.com started the trend some years ago, and now URL shortening services are everywhere, from social bookmarking sites to mainstream media sites which have their own shortening engines.
In a web that more than ever moves at 140 characters at a time, those services are quite handy (especially the ones that let you track the statistics). Shortened links also have a drawback, however, which is the fact that you can’t see where the link is pointing. Bring malicious users into the picture, and you can see the security risks. There are websites that will try to inject malware in your system as soon as you visit it. Others that will try to set special filters in your Gmail account and so on.
If you want to be safe, therefore, only click on shortened links if you trust who created them. If you must or want click on a link but don’t know if it is legitimate, use a URL unshortening tool. There is one over at Sucuri.net that will reveal the real URL behind the link and make checks with Google and with SiteAdvisor to make sure the website is safe to be visited.
Do you know other tools that will do that? A Firefox extension that checks the safety of shortened links on the fly would be nice, but I haven’t seen one around yet.
43 Responses to “Careful with Those Shortened Links”
I think this tool is really cool. To be honest I never trusted the shorURLs and always approached them with care. I never knew there were a tool which reveals the shortened URLs. Really cool. Thanks
Do you ever think if one of this “URL shortening services” point the link to other URL, or remove old links?
Nicholas Z. Cardot
Thanks for the tip. I didn’t know that was possible!
@Sos Gospel, I don’t get what you mean.
Daniel, I don’t know if you’re familiar with Long URL Please (Firefox add-on). I’ve been using it for a while and it does the job – it works with a considerable number of shortening engines. It expands the url for you automatically so you can at least have a clue of where you’re heading to.
LongURL Firefox Addon does that also :
R Edward Vernon
Speaking of, we just developed a url shortening tool that actually scans the url against stopbadware.org using googles safe surf api database before it creates the url. It also creates a rdf statement for the goto url on the shortened link. Here’s an example:
Shortened Link: http://sur.gd/daily-blog-tips
RDF statement w/ custom fields: http://sur.gd/daily-blog-tips/rdf
It also has stats for you link so you can see who/what/when and where your clicks are coming from.
We’re actually going to launch it out as an open source platform and develop a wordpress plugin for it. That way you can use your own domain for shortened urls. This lets you brand your business instead of bit.ly or tinyurl and your readers will know it’s safe.
Best of all it’s going to be free. Anyone can set up a free account there now and test it. It’s fully functional it’s just not prettied up yet. And we haven’t finished the wordpress widget.
Nice looking tool. First time I have heard of it.
The Firefox extension NoRedirect (https://addons.mozilla.org/en-US/firefox/addon/11787) might be of help here.
It can preview/screen “shortened” URLs (e.g., TinyURL).
If your running WordPress, then you can use post ids as short URLs. Then it has your domain name and your in control.
I personally don’t care for short URLs as a visitor, because they don’t provide any information.
Thanks for the tip! I see shortened links everywhere. It’s good to know the dangers of such things and how to avoid them.
Thanks for the heads up on the danger and the solution. I hadn’t even considered the danger. I do not understand those who create malware. I guess it’s the internet version of vandalism.
…or, if you have Firefox, use TinyURL decoder for Greasemonkey: http://userscripts.org/scripts/show/40582
1. Install Greasemonkey
2. Install TinyURL decoder
I only click shortened links that sound humanly created. In addition, I look at the twitterers past updates. If they look like spam, I don’t click it.
you’re right. In fact a lot of people are using those url shortening service to rickroll people… LOLz…
I am very happy with using untiny
it has a firefox add-on and a Gtalk Bot
Untiny supports 164 tiny services
@Tamar, thanks for sharing that one.
@Tony and Thoma, I will check that one out, thanks.
Very true. I have been using tinyurl.com for years. Then when Twitter came out I saw people posting about it like it was brand new. I trust them, as I said I have used them for years. But it is a good idea to look up some of the ones you have never seen/heard of before. Thanks for the heads up. In the words of Randy Jackson “Good lookin out” 🙂
Yes, it’s really dangerous to click without checking first what it is. Some shortened url brought me to malicious website and I really aware with shortened URL after that.
Thanks for the information! I really hope there’s Firefox add-on to check the real source of the shortened URL.
Brian D. Hawkins
I just ran across one of those tools yesterday. I wish I had thought of it.
Deception is a real problem with short URL services. I have a small tracking site and went to a ‘paid only’ service because of the abuse. It’s a pretty bad feeling when an attorney contacts you representing a large bank about a major phishing scam that’s using your service. I’ve had no problems since requiring a monthly fee via PayPal.
Most people have already commented exactly what I wanted to share about shortened urls. I am a member of Orange Leads and they have a service now, too. (I did not put my affiliate link or shortened link). If you want to check that out, it would be interesting to know what people thought of it. If you want me to add my link to mine just let me know, and I will.
Thanks for daily blog tips!
Sucuri looks cool. Shortened URLs can be especially dangerous on twitter and email marketing services.
Thanks for the tip. Most of the tiny urls I come across are affiliate links but I will definately bear this in mind. Thanks again.
Thanks for the Sucuri.net tip. I wonder if TweetDeck uses that or similar service through API, as I’ve liked the “preview link” feature on that a lot, as it shows the end URL of the shortened link just like Sucuri seems to do.
I am also worried about clicking on short urls, you have absolutely no idea where you are going. Thanks for listing Sucuri.net, I will see how they work and might even post about it.
Klaus at TechPatio
This reminds me. In a recent issue of the UK edition of MacFormat, a reader complained about TinyURL’s, also mentioning the same you do. But also that you could easily mistype the URL, sometimes the URL’s are case sensitive, so getting just one character wrong could send you to a bad site.
I actually prefer tr.im for my twitter URL’s, it’s very short and it will “auto claim” url’s that you tweet when they are posted from your own twitter username. I don’t know if other services do that as well, I suppose they might.
Tim | Inspiration Central
I never thought that someone would point a shortened link to a malicious URL. It’s amazing what some people will do for almost no benefit whatsoever.
Thanks for the heads up.
Tehseen | Ijaar
You can use http://www.DeTinyIt.com to see the full URL for any shortened one.
You can also do http://preview.tinyurl.com/xxx to see the complete URL behind any TinyURL.
This is not good for those affiliate marketers. which i think they are using it right now.
This is very useful post. Thanks for sharing them.
I was Twitter has that feature directly accessible in the account. Lots of cloaked spammy links now 🙁
Thanks i hadn’t heard of Sucuri.net before now. TinyUrls are useful, although I don’t like it when newspapers or magazines use them because you can never remember them.
Blog Ebooks – Claus D Jensen
Great advice. I have personally never heard of such an url unshortening tool before. So thank you!
Claus D Jensen
Rex Swain has an awesome HTTP viewer that safely displays the contents of any HTML page in your web browser. It also follows redirects and shows where the redirect points to (and will do so even for multiple redirects).
It’s a bit “geeky”, perhaps, but as a computer security pro, I love it and use it all the time.
Here’s the link:
Tom Brownsword, CISSP, GCIA, Security+, ITIL V3 Foundations
(not to mention a blogger…!)
You know that is real good sound advice about that, cause otherwise some of us internet dummies would never know,if someone in the know who does know and then we all know all because of this blog article. And thanks a lot to you for sharing this piece of advice that we all can use from time-to-time, as we do our internet blogging, research and etc……….Take care and great work on that info on what to do about it.
If in case ur visiting them then its good to have “no scripts” firefox addon to make sure that u dont get attacked by some malicious script.
Another way to get short URLs is hosting it on your own URL,say dailyblogtips.com/xcvf1 .It will not only be safe but also shows at least the main domain where you are going.But for that your own URL should be short-another reason to have shorter domain names 🙂
Very good points made here. I was recently running an ad on Craigslist [that was first mistake, perhaps] for my Sales consulting services. A VERY innocuous-looking email came to me, offering “Tips” for better marketing tools, etc.
The note was ‘blind’, and just said, ‘May we suggest…?’, with a shortened URL. Out of normal instinct or reaction, I was one millisecond from clicking on it…exactly what these dirtbags are counting on us to do.
Thank god I didn’t click on it…I hope YOU don’t either…!
Thanks for this great advice.. I never click on this shorten URL
I’m afraid it takes me to malicious sites
By using this tool, it’ll remove this concern
Surveys For Money
I can’t believe I didn’t think about how dangerous shortened url’s could be. Now that I am, Sucuri’s tool is great to protect against malware and the like. Thanks for sharing about them, I will definitely be using their tool in the future.
Thanks for the link to the “unshortner”. This is going to be a great way to find out BEFORE visiting a spam website instead of afterwards.
Comments are closed.