Are tiny URLs such as bit.ly safe?

Topic

New Reply

Here’s a question. It’s not really just IE< but this seemed the most sensible thread to put it in without cross posting. So:

"Are tiny URLs like bit.ly safe?"

We are always on the lookout for phishing messages, and we are always told to hover over the link to see where it is sending you, and to only trust websites that we know. But what if that website contained a URL of the bit.ly type? I have no way of knowing where it is going, do I? I can't prove before I click on it what it is supposed to do. So, are they safe – or are they a potential security hole that I should avoid like the plague?

Cheers from damp & soggy England.
Stuart

Reply | Quote

Replies

So, are they safe – or are they a potential security hole that I should avoid like the plague?

URL shortening services are subject to potential abuse; I think there have been cases of use to drive malware downloads.

The company behind bit.ly offers add-ons for Firefox and Chrome that expand the links so you can see the destination (see bit.ly Tools), but if there is one for IE (or Outlook, etc.), you’d have to find it somewhere else.

Reply | Quote

Stuart, read this http://www.edbott.com/weblog/?s=tiny+urls&search=Search

Reply | Quote

Very interesting, thank you.

Although I have to say, that I’m distinctly unimpressed by the bit.ly extension for Chrome. It doesn’t appear to do anything except prompt me to get an account. I don’t WANT an account – what I want to be able to do is to expand the link before I click on it.

As to the option of adding + or – to the end of the URL, couldn’t the folk who design these things have come up with a common standard, at the very least!

Reply | Quote

Other people have been working on this problem…

Chrome extension to get original of a shortened URL[/url] @ Devils’ Workshop (Chrome)

LongURL | Tools (Firefox extension and/or web API)

Check URL tool from Sucuri (web service)

Now… where is that add-on for IE that must exist somewhere?

Reply | Quote

Other people have been working on this problem…

Chrome extension to get original of a shortened URL[/url] @ Devils’ Workshop (Chrome)

LongURL | Tools (Firefox extension and/or web API)

Check URL tool from Sucuri (web service)

Now… where is that add-on for IE that must exist somewhere?

When using these type of services, presumably you reveal data about your machine, email account etc. Do you then run the risk of putting the email address that originally received the shortened URL on to a spammer’s “suckers list”?

Reply | Quote

When using these type of services, presumably you reveal data about your machine, email account etc. Do you then run the risk of putting the email address that originally received the shortened URL on to a spammer’s “suckers list”?

If you install a browser add-on, it has the ability to read all the same web pages you do. You should only use software and web sites you trust.

Historically, most shortened URLs have not been “personalized,” i.e., the full URL doesn’t contain identifying information such as email address or subscriber number. That could change in the future, but you won’t know unless you decode them. Assuming they are not personalized, copying and pasting the shortened URL into a web site for research should not reveal anything other than the usual information collected by web sites (such as your IP address and browser configuration).

Reply | Quote