URL Shorteners are bad!

Why you should not use an URL Shortener

URL shorteners, or „Short URLs“, are small links generated by free URL shortening services on the Internet. They are everywhere, but did you know that they can compromise your privacy and security and affect the way the internet works?

Services such as TinyURL.com, cli.gs, goo.gl, tr.im and bit.ly have become ubiquitous. We often use them without even thinking about it.

Why ShortURLs exist

The main reason URL shorteners exist is the human inability to design short, user-centred URLs. Because poorly designed URLs – often containing special characters – didn’t work in email communications, IRC channels, forum posts or web design, the concept became popular. Today, shortened URLs are particularly useful for microblogging technologies such as Twitter, where the number of characters that can be used in a message is severely limited.

As we continue to develop websites with poorly designed URLs (old school) and invent new ways of communicating on the web (e.g. microblogging), we are forced to combine old and new technologies. The result is, among other things, the existence of URL shortening services.

How URL shorteners work

URL shortening is a technique on the World Wide Web where a URL can be significantly shortened and still lead to the desired page. This is achieved by using HTTP redirection to a short domain name that points to the web page with the long URL.

Problems that URL shorteners can cause

The convenience that URL shorteners provide comes with potential and real problems, which I will explain below.

Added layer of complexity:

First of all, short URLs add an unnecessary layer to the way the internet works. There should be no reason to generate a URL for an existing URL. This has many disadvantages. Shortening the URL requires more requests each time it is accessed (at least one more DNS query and HTTP request), which increases latency, the time it takes to access the page, and also increases the risk of failure because the shortening service may be unavailable.

Rotten Link:

Link rot refers to the problem of expiring links if the URL shortening service stops working. In this case, all URLs associated with the service become invalid. This happens quite often, don’t let big names fool you.

Hidden destination address:

Short URLs hide the destination address. This means you don’t know where the short URL is taking you. Many spammers and scammers have used short URLs to fool users. go.to/banking-login does not necessarily take you to your bank account login.

This is often used by scammers for phishing attacks. They will set up a fake website (with some free webservice like Dynadot, Squarespace, GoDaddy, Google, Heroku, Webydo, Wix) that looks similar to your online banking website. By using a short URL the scammer is able to disguise the location.

Traffic hijacking:

Some URL shortening services hijack traffic (traffic theft). Imagine every third or fourth redirect having a different destination address or additional redirects. If you run a URL shortener yourself, that’s great. You can build traffic for your own sites, drive-by cookie downloads (cookie stuffing for affiliate marketing), or send trojans and viruses to users. The potential for abuse is huge.

Short URL blocking:

Some websites prevent the posting of short, redirected URLs to prevent spam.