SECURITY TIP: Preview Shortened URLs
URL-shortening services like TinyURL and Bitly are handy for a variety of reasons, but shortened URLs also represent a ubiquitous and very dangerous security vulnerability. You must use your head and technology to avoid becoming a victim of malware, phishers, and hackers when clicking on shortened URLs. Here's what you need to know...
No, it's not the name of a new TV show, and it has nothing to do with diminutive British aristocrats. Shortened URLs are simply website addresses that have been given a shorter alternative, to make them easier to type, share and manage.
Those blessedly short but cryptic URLs that redirect a clicker to an appallingly long URL are ubiquitous these days. Here's an example. I love Amazon.com, but they're one of the worst when it comes to really long URLs. The URL on Amazon's home page for the Kindle Fire 7" Tablet is shown in the image here.
Wow, that's over 180 characters, and a confusing mess when viewed by humans. It's impossible to share in that form on Twitter, which limits you to 140 characters; and if you paste that link into an email, chances are good it will get garbled. But a shortened version (http://goo.gl/6SQd72) which takes you to the same web page, is much easier to manage (and easier on the eye as well).
Even mainstream news media has gotten the clue; the Associated Press, hardly a bleeding-edge innovator, embeds shortened URL links to its original sources (sometimes, if it’s received copyright violation notices from the source). Many news organizations use shortened URLs, as well. In addition to the convenience of having a shorter URL, URL shortening services keep stats on how many times a link was clicked, so publishers can get insight into outbound clicks.
Many URL-shortening services exist and there are many browser add-ons to make using them a breeze. TinyURL is one of the oldest. Bit.ly is now the largest in terms of URLs shortened daily. Want to use Google’s goo.gl URL-shortener? Use this shortened URL to get the handy and powerful Chrome extension right here: bit.ly/UW97lu
The Problem With Shortened URLs
If you just clicked that link, the problem is demonstrated. You cannot tell what a shortened URL will do just by looking at it, as you can with many regular URLs. (The same is true of QR codes, by the way). You might end up downloading an invisible payload of malware; opening a remote-access link to your hard drive; looking at things you don’t want in your work computer’s browsing history, let alone your own memory; or meeting a nice young Nigerian prince who needs your help moving $50 million out of the country.
Another potential problem is that the page to which a shortened URL redirects can be changed. This can be good or bad. If there is a problem with the destination page, you just change the redirect to an alternate URL. But what if a hacker guessed the password to an AP reporter's Bitly account, and changed all his links to malware drive-by downloads?
How to Preview a Shortened Link
If only you could preview the full URL to which a shortened URL will redirect you without actually being redirected; then you could decide if it’s wise to proceed. All of the major URL-shorteners provide this obvious security precaution; here is how to do it:
Goo.gl and bit.ly – simply append a “+” (plus) symbol to the end of the shortened URL in your browser’s address bar and press Enter.
Is.gd – lets you append a “-“ (minus) symbol to the shortened URL in its effort to woo ironic, contrarian hipsters.
TinyURL – add the prefix “preview.” (with the dot) to the beginning of the shortened URL, e. g. preview.tinyurl.com/aSefG2o5. Sigh; TinyURL was once a brilliant innovation.
Some URL shortening services do not support previewing. I would eschew such security slobs, but if you must check out such a URL you can paste it into ExpandMyURL or LongURL for a safe preview. If you use QR codes on your smartphone, note that some of these solutions work for them, too.
Add-ons for Firefox and Chrome automate previewing of shortened URLs. Firefox users have LongURLPlease. Chrome users have two options: LinkPeelr and Expand. Opera users have Unshorten. Internet Explorer users have... the wrong browser?
Your thoughts on this topic are welcome. Post your comment or question below...
This article was posted by Bob Rankin on 15 Nov 2013
|For Fun: Buy Bob a Snickers.|
Can VoIP Service Replace Your Landline?
The Top Twenty
Avoid These Five WiFi Security Mistakes
Post your Comments, Questions or Suggestions
Free Tech Support -- Ask Bob Rankin
Subscribe to AskBobRankin Updates: Free Newsletter
Copyright © 2005
- Bob Rankin - All Rights Reserved
Article information: AskBobRankin -- SECURITY TIP: Preview Shortened URLs (Posted: 15 Nov 2013)
Copyright © 2005 - Bob Rankin - All Rights Reserved