Be safe while using Shortened URLs

Written by Aravind Jose T.  |  under Featured, Fresh Insights
12 Comments

Ever since social networks came to the mainstream, “sharing over the internet” has been acquired new dimensions. Sharing interesting links has now attained the status of a hobby. People needed neat & simple ways to do this; and there came URL shorteners (services that creates a shorter URL from a given long URL). There are hundreds of them on the web (my favourites being lin.cr & is.gd. There are many more, like, moourl, tinyurl, url.ie etc.)

But, you should be aware of their malicious potential. Any service could be misused. The case is no different for shortened URLs. Malicious links could be contained in such shortened URLs, whose target link is unknown to the user. When tried to shorten an already shortened URL, the service said: “This usually means you tried to link to is.gd itself or another URL shortening site. Links to these sites are disabled to stop spammers hiding abusive links behind a chain of shortened URLs.”

Look at some of the possible threats:

The link associated with the LOGOUT button in Orkut is http://www.orkut.com/GLogin.aspx?cmd=logout. Now that link could be converted to something like http://ab.cd/ef Clearly, clicking on that link will log you out of the site. This is only a simple example. Think of situations where, these could be used to (yes) DELETE your account, gain ownership of communities, copy/modify your personal information, perform restricted operations etc.

Now you know how dangerous these could get. (It is when I wrote this post, I understood why Orkut and several other social networks delete those shortened URLs posted by its users!!)

But, these are extremely useful services (especially at twitter, where there is 140-character-limit) and shouldn’t be ignored because of such threats. I just wanted to say, be careful while following a shortened URL; you never know where it takes you or what it does!!

Update: I came across a GreaseMonkey Script that Restores a TinyURL and shows the original url in a tooltip on mouseover.
Update: Here’s a script that Automatically changes all tinyurl links to preview.tinyurl, so that you know where they are trying to send you.

If you want more URL shorteners than I listed, you may head here to read a long list of URL Shorteners: http://lin.cr/nu
(Don’t worry. This link is SAFE :) )
Lin.cr is created by Aalaap Ghag