Demystify the URL Shorteners

URL shortener on-line services are very helpful. You probably already use them every day. With mobile Internet and micro-blogging services like Twitter, it’s much more convenient to use short URLs.

But the downside is, once again, the bad guys, who quickly understood the opportunity for a new type of attack. It’s so easy to hide a suspicious URL behind a shortened one. Who can tell the difference between “bit.ly/abcdef” and “bit.ly/uvwxyz”? People suffering from “clickmania” are the first victims!

That’s why it is recommended to adopt safe behavior and not open a shortened URL unless you’re 100% sure that the hidden address is safe. And who can claim to be sure? Some applications offer quite good support for those services: they automatically decode the short URL and show you the original site. A good example is the Twitter client, Tweetdeck:

Tweetdeck Screenshot

There are also plug-ins for different browsers which decode shortened URLs on the fly:

But some services offer a very nice feature which does not require any extra piece of code. Examples? If you would like to visit a short URL coming from bit.ly, add a “+” sign at the end of the URL and you will be redirected to the corresponding statistics page showing you the real URL and the number of hits. is.gd has the same feature, but this time add a “-” sign. I suppose that other shortener services support the same feature.

Finally, some sites are fully dedicated to URL decoding, like prevurl.com. It decodes the URL and displays a thumbnail of the original website. Use it by adding your URL as an argument: http://prevurl.com/?url=http://is.gd/w or by filling in the form.

Don’t forget, “+” is your best friend on bit.ly! 😉

2 comments

  1. the ‘+’ is especially useful when typing in a bit.ly URL (say, if you’re scanning Twitter for interesting articles, but want to look at it on your PC) since they don’t forbid ambiguous characters. i’ve typed in a lower case L when the URL really had a capital I and went to the wrong web site — which gives spammers a real opportunity — troll a popular source of bit.ly URLs and manually request names that are ambiguous (l/I/1 or 0/O or 5/S, etc). note that although you can tell that they are different here, not all popular fonts will show significant differences.
