Monday, April 21, 2014

Be Mindful of Privacy & Security with Shortened URLS- Goo.gl Known Security Flaw Benefits Those who Know How to Use It

Most people have become accustomed to shortened URL's. The purpose is to take some long link, and make it much smaller in the number of characters. More devious usages of shortened URL's is to change a link to a porn website to something like www.bla.gl/sje so the viewer right away doesn't know where the link they are clicking is going to go. 

In the second scenario mentioned this has been a concern for some time, and there is an easy fix http://www.longurl.ORG (*See asterisk below for important longurl info) This website will allow you to enter any shortened URL, and show you where it leads to. Protecting you from accidentally clicking on a shortened URL that you wouldn't have clicked in the previous days of hovering ones mouse over the link to show where it leads.
"OLD" Style of checking destination of a link -
However, that no longer works for the reasons mentioned in the top paragraph. Here is an example of trying the same thing with a shortened URL:

Hovering cursor over shortened url shows
Tinyurl.com has implement a feature for those who are aware of the dangers of clicking on a shortened URL. In the above picture the red cursor is hovering over the preview.tinyurl link. When someone see a preview.tinyurl.com/ link they can click on the link, and it will bring them to a tinyurl page that shows exactly where that link is headed to.
Showing the TinyUrl Preview Feature with mouse hover.


There is however, one other danger that those should be aware of with using shortened URL's. In this case it doesn't come from clicking on the URL's, but rather shortening your own URL's. Some may use shortened URL's in various methods of semi-advanced encryption, however, this is much less advanced.

The websites hosting the url shortening services have access to the traffic data that comes from those links. How many clicks, what time, where they came from, who they came from, etc. This, however, should be common knowledge of users of these services, but what many users don't realize is that other users, the government, competing companies, can sometimes all gain access to these links as well.

For example, there is the shortening service provided by Google - goo.gl - allows ANYONE to access the information about that link, not just the original user/url shortener/host service. They boast about this on their website, so no one can ever say "but I didn't know that" or "that's invasion of privacy", however, Google knows full well that only those with the knowledge of how to do it can gain access to the analytics to any goo.gl link, and Google doesn't want to make that public knowledge.

  1. Take the following link http://goo.gl/zjLVsF 
  2. To check the safety go to longurl.com and enter it showing the link leads /polyxieon.blogspot.com/ (*it also shows it has one redirect. This is very helpful, for the people who think they can go backwards up a ladder of different shortening links to make it hard to find the original  link - think again, Longurl will trace it back, even if you used goo.gl to shorten original, then shortened that link with bit.ly then tinyurl, and so on)
  3. Take the original link  http://goo.gl/zjLVsF and add .info to the end so it becomes http://goo.gl/zjLVsF.info
  4. Enter that link into url bar, and there you have it all the information about the statistics of those who clicked that link. 
To avoid this use a shortner such as TinyUrl or Bit.ly. I prefer using Bit.ly because it allow me to track the analytics of my shortened urls without having others able to access so easily as with goo.gl

2 comments:

  1. Did you know you can create short links with Shortest and earn dollars from every click on your short urls.

    ReplyDelete
  2. Thanks for sharing this interesting blog with us. My pleasure to being here on your blog. I wanna come back here for new post from your site.

    custom short urls

    ReplyDelete

Disclaimer

A new disclaimer is currently being written, and will be posted in this space when available.