Unshrinking Shortened Web Links
Social networking Web sites are contributing to an explosion in the number of services that help people convert long URLs into tiny Web links. URL shrinking services are especially useful on sites that place a premium on brevity -- such as Twitter, which limits tweets to 140 characters. But few online communities have made it easy for users to tell where the shortened links will take them, a reality that could be advantageous to phishers and other cyber crooks.
When I first began researching this subject, I was amazed to learn how many URL shortening services are available today (at least 90). Also, the lack of a built-in or standardized approach to URL shortening services within individual social networking sites adds complexity to the problem.
For example, many Twitter users shorten long Web links with bit.ly, but Twitter users are just as likely to see Tweets with links shortened by the services at ow.ly and tr.im. What's more, while bit.ly offers a Firefox add-on that lets users of that browser view at least a portion of the longer URL, I couldn't find any such offering or other easy way to view the long version of links at either ow.ly or tr.im.
As I continued to review the different URL shortening services available, I found that while many let their own users preview shortened links, many others don't provide that option at all. There are several sites that you can use to view a long URL by cutting and pasting a shortened link -- such as longurl.org.
The following are the more popular and versatile options, as well as a few approaches that work across multiple services and platforms.
TinyURL, which is among the longest-running URL shortening services, lets you automatically enable the preview of all shortened URLs. Just visit this page and click the "Enable Previews" link, and from then on TinyURLs will be converted into their longer form when you visit a Web page that features them. You must have cookies enabled in your browser for this setting to take, and you will need to set the cookie for each browser you use.
If you browse the Web with Firefox, I recommend an add-on called Long URL Please, which currently converts URLs shortened by 72 different services, including bit.ly, cli.gs, digg.com, is.gd, kl.am, ow.ly, tr.im, and tinyurl.com.
Long URL Please also works in Internet Explorer and other browsers: Simply add this bookmarklet to your bookmarks, and then click on it when you're at a page that includes shortened URLs to display the long URL.
Firefox users who are familiar with the Greasemonkey add-on may prefer the Tiny URL Decoder script (my preference), which also works with a long list of URL shortening services.
Expandmyurl.com is another bookmarklet approach that works across browsers.
Not everyone thinks short URLs are that big of a security threat. Johannes Ullrich, chief technology officer with the SANS Internet Storm Center, said he thinks I'm giving readers a false sense of security by recommending these lengthening services.
"Even without shortening the URL... do you actually know what you click on? What will be at that domain?" he asked in an instant message to Security Fix. "The real problem is that you will never know where you end up."
Ullrich is right, of course: Just because you know or think you know a Web site is secure doesn't mean it is free of hostile content. Still, call me old-fashioned, but I've grown accustomed to being able to see where I'm going by mousing over a link before clicking it.
What do you think, dear readers? Did I leave out any important services? Please sound off in the comments below.
June 9, 2009; 6:50 AM ET
Categories: Latest Warnings , Safety Tips | Tags: lengtheners, url shorteners
Save & Share: Previous: T-Mobile Investigating Data Breach Claims
Next: The Fallout from the 3FN Takedown
Posted by: timscanlon | June 9, 2009 7:19 AM | Report abuse
Posted by: axialinfo | June 9, 2009 9:15 AM | Report abuse
Posted by: mhenriday | June 9, 2009 12:13 PM | Report abuse
Posted by: tcronin-astaro | June 9, 2009 12:22 PM | Report abuse
Posted by: user4733 | June 9, 2009 3:25 PM | Report abuse
Posted by: conspirator5 | June 9, 2009 4:07 PM | Report abuse
Posted by: BTKrebs | June 9, 2009 4:21 PM | Report abuse
Posted by: jusob | June 10, 2009 12:00 AM | Report abuse
Posted by: jusob | June 10, 2009 12:12 AM | Report abuse
Posted by: bjkeefe | June 10, 2009 1:01 AM | Report abuse
Posted by: Rixstep | June 16, 2009 6:25 PM | Report abuse
The comments to this entry are closed.