URL Shorteners, should one be cautious?

Hi, my good forum friends,

One should not click shortenerd url’s right away. To know whether you can trust them use Long URL that knows how to handle hundreds of different URL shorteners, see: http://longurl.org/services &
http://longurl.org/ to expand shortened url.
Another service to use is expand my url dot com:
http://www.expandmyurl.com/
And in Google Chrome browser I use the long URL extension: https://chrome.google.com/extensions/detail/oldnehmjgfcannmkgkojafngdkhfkdpd
for other browser extensions: http://www.makeuseof.com/tag/5-browser-extensions-expand-shortened-urls/
article source author = Ann Smarty, posted by her on March 26, 2011

A nice write-up about the possible dangers of the use of shortened urls can be found here:
http://blog.mxlab.eu/2009/07/17/shortened-urls-the-real-dangers-behind-and-how-to-avoid-troubles/ (source: MX Lab News blog)

What is your view on the use of URL shorteners?

polonus

I hate them. There is no direct way to tell where they go, short of using other tools.

Malzilla, and Unmask parasites will catch the redirects. Since that is generally how they work.

I actually wrote a little about seeing what the links were a little while ago, after the MS typo that happened.
http://spgscott.wordpress.com/2011/03/18/are-you-sure-you-are-clicking-what-you-think-you-are/

Well… I need to use them in some places (signatures, etc.).
But, indeed, I’m very very cautious to click a sniped url…

I don’t think anyone needs to read a report about the possible dangers of the use of shortened urls. It should be common sense, you can’t see or tell what is going to be at the other end of the tiny url, etc.

I had the bit.ly FF add-on (to show the full url) for some time but the problem with that it only handles one area and was more of a pain in the rear than a help.

Whilst the longurl.org/ expandmyurl.com/ are handy, people will soon tire of having to open a site to check what the shortened url is.

So it has to be something like a multi-function ability to display most or all shortened URLs that is incorporated into the browser (ad-on or GreaseMonkey script) or people won’t use it.

http://downloadsquad.switched.com/2008/09/16/never-get-rickrolled-again-with-longurl/

Unfortunately there are more url shorteners than you can shake a stick at and it isn’t as easy to decode these short urls.

Hi DavidR,

As this then is so obvious, as you say, would you also be against the use of shortened urls where there is no use for them?
Or is it one of those things we have to come and live with?

polonus

No one is saying there isn’t a use for them but like most thing ‘obscurity’ isn’t necessarily ‘security’ and in this case is frequently used for malicious purposes.

The real problem is if you don’t have the underlying protection, web & network shields, use a browser capable of having NoScript (or its equivalent) and possibly RequestPolicy. Then it could be like playing Russian Roulette, the luck of the draw in where the link might take you.

The longurl.org site has a link to their firefox add-on (longurl_mobile_expander-2.0.0-fx.xpi), unfortunately it isn’t compatible with anything after FF 3.5.* Now it is possible to hack the XPI file and install.rdf file. Or create an easy access shortcut to the longurl.org site, I have done both for the image example.

So it is not easy for the average user to get real and easy to use help in this regard.

As I’ve said, I only use when limited characters impose that.
I’m looking for a good Firefox addon for it.
Polonus, do you have personal experience on FF addons?

@DavidR & Tech

I think of a more concrete case that users here in the forums are asked not to use them whenever this use can be avoided.
What would be your position on that?

@Tech - I use the “long URL” extension (based on the API) in Google Chrome and it is quite good, I switched from the use of Fx and flock browser (the latter now have been discontinued since April 26th) to the Google browser mainly, as soon as NotScripts extension and Better Pop up Blocker extension, etc. came available. The use of shortened URLs is a more recent issue (seen since a Tweet on them in Nov 2009, which in computer terms is “ages” ago, but I would say it is a rather new development).

polonus

Positive. Sure. Why shorten an url if it can be posted as a link with the [ url ] [ / url ] commands?
Wherever you do not have space limitation (characters), why use them?

I’ll test it soon. Many thanks.

If using firefox the hack I mentioned in my last post works fine with FF 4.0.1, see image example of your signature.

How did you get the popup?
Whatever I change, I can’t get it…
The extension is installed and running.

I just hovered over your link, the little hand in my image is the cursor changing when it hovers over a link. If the link is a shortened one it displays the full url.

I opened the .xpi with 7zip, extracted the install.rdf increased the maxversion value to 4.0.*, saved the modified file; copied it back into the open 7zip of the .xpi, accepted the change, closed the 7zip and installed the midified .xpi file and the rest is history.

Try restarting firefox again.

When I pass the mouse over my signature I already see the long url…
But I can’t see the snip one neither the popup.

Well the ordinary URL is displayed above what Firefox 4 is calling the add-on bar (formally the status bar), where URLs used to be displayed. Check your FF settings as you may have changed that option.

Also do you have a snipurl reader/add-on installed as that may well be overriding the other LongURL add-on ?

Where exactly?

I don’t think I have any other addon that manages urls…

See http://support.mozilla.com/en-US/kb/what-add-bar?s=add-on+bar&as=s#w_how-do-i-show-or-hide-the-add-on-bar for more general information. Edit also see this one which is relevant, http://support.mozilla.com/en-US/kb/what-happened-status-bar.

Then I don’t know how the full URL is being displayed on the bottom right of your screen. I don’t know if you have a snipurl account, if there are cookies involved, I just don’t know how this is happening.

I find URL shorteners to be obnoxious, and probably one of the biggest causes of my friends and family unintentionally downloading malware. I make it a habit to not click them, and if possible, request the full URL. I’ll sometimes dump them in longurl, but still, I try to stay cautious. Last I need is drive-by downloads making me waste a night hunting down a virus for myself or my friends.

tldr - URL Shorteners suck.

David, many thanks for your efforts.

You’re welcome, any joy though ?

No… Seems that the addons aren’t for me… I’m really not lucky with non-compatible addons.