[Cialug] TinyURL

Todd Walton tdwalton at gmail.com
Tue May 20 09:48:17 CDT 2014


Top posting to preserve the discussion below (since I'm resurrecting a
thread that not everyone will still have in their mailbox...).

http://news.netcraft.com/archives/2014/05/20/is-gd-goes-down-takes-a-billion-shortened-urls-with-it.html

is.gd goes down, takes a billion shortened URLs with it

The popular is.gd URL shortening service has been offline for more than two
days, taking with it more than a billion shortened URLs. Shortly before the
site disappeared on Sunday, the homepage reported that its links have been
accessed nearly 50 billion times.

The shortened links generated are usually not more than 18 characters long,
including the protocol http://. These links are commonly used in tweets,
emails, and text messages where long URLs are impractical. Despite the fact
the shortened links do not work, many previously-created is.gd shortened
URLs are still appearing on Twitter.

is.gd is owned by and supported by UK hosting provider Memset, who planned
to support it as a free service indefinitely. Notably, its sister site, v.gd,
is still up and running. Other free services provided by Memset include
TweetDownload, TweetDelete and the statistics calculator Tweetails.

For security reasons, both is.gd and v.gd disallow the shortening of URLs
which use the data: and javascript: protocols. Nevertheless, the service is
still abused by fraudsters who use the shortened URLs to direct victims to
phishing sites. Some fraudsters have appended a query string to the
shortened URL in an attempt to make it look similar to those used by the
phishing target. For example, the following is.gd URL was used to redirect
victims to a Taobao phishing site:

http://is.gd/Tb###U?2.taobao.com/item.htm?spm=2007.1000337

Throughout April, is.gd was the fifth phishiest URL shortening service. By
far the phishiest was tinyurl.com, which pointed to 17 times as many
phishing sites, making it account for 60% of all phishing activity amongst
the top five URL shortening services. Privately-held bit.ly, Google's
goo.gland GoDaddy's
x.co also pointed to more phishing sites than is.gd.

Three years ago, the is.gd service suffered a shorter outage of a few
hours. This was caused by the failure of some of the virtual machines in
its frontend cloud, which were responsible for accepting HTTP requests from
a load balancer.


On Fri, Jun 18, 2010 at 10:54 PM, Adam Shannon <adam at ashannon.us> wrote:

> Having a service (or services) to shorten a url that breaks in use
> (email, webpages...) is perfectly fine, but that service should only
> be giving the user the actual link, not directing them to the link
> they wanted.
>
> What happens when that short link provider goes out of business or is
> hacked, then I lose the ability to control where I will end up
> (negating anything on the link I'm trying to reach does) because I
> can't see where I'm going.  If the service is hacked and spreads
> malware than anyone with javascript or cookies allowed on that domain
> will be infected or tracked.
>
> In my view, short url providers should only be presenting a page for
> the user as to what the short link represents, the short link is not
> the same link and therefore shouldn't act the same.  It's a
> representation for another url.
>
> Thoughts?
>
> On Fri, Jun 18, 2010 at 17:26, Scott Prader <sprader at iastate.edu> wrote:
> > Sometimes a URL that takes up multiple lines can get cut off with a
> carriage
> > return inserted by some program, at some point.  When I see a link, I
> like
> > to think that I can click on it and not get a 404.  TinyURL fixed this.
> > What they don't do is auto-forward a 404 to archive.org, which tends to
> > cover what a downed URL can't, whether it's complete or not.
> >
> > -Scott
> >
> > On Fri, Jun 18, 2010 at 4:58 PM, Barry Von Ahsen <barry at vonahsen.com>
> wrote:
> >>
> >> 7 ff addons tagged 'unshort url', probably more under other tags
> >>
> >> https://addons.mozilla.org/en-US/firefox/tag/unshort%20url
> >>
> >> -barry
> >>
> >>
> >>
> >> Nathan C. Smith wrote:
> >> > Seems to me there could be a whole industry for a technology for
> >> > converting the various short-URLs back to long ones, particularly if
> the
> >> > tools and technology provide a means to mitigate potential risks.
> >> >
> >> > Don't bit.ly and others use a hash that stays the same for each
> >> > shortening of a reference?  So that if you shorten cialug.org and
> send it to
> >> > me I will get the same shortened url if I do it?
> >> >
> >> > -Nate
> >> >
> >> >> -----Original Message-----
> >> >> From: cialug-bounces at cialug.org
> >> >> [mailto:cialug-bounces at cialug.org] On Behalf Of Ed Meacham (@work)
> >> >> Sent: Friday, June 18, 2010 3:12 PM
> >> >> To: 'Central Iowa Linux Users Group'
> >> >> Subject: Re: [Cialug] TinyURL
> >> >>
> >> >> I love the idea of URL shortening services. Though, they
> >> >> definitely have instances where the use of one is more
> >> >> appropriate than others... I don't see the need to shorten a
> >> >> URL in an email, unless you're spreading "infectious-love."
> >> >>
> >> >> Rather than write off TinyURL/Bit.ly, I would blame improper
> >> >> organization and/or the sender not qualifying the details of
> >> >> the URL in the message.
> >> >>
> >> >> I see there is a plug-in for Thunderbird for converting a URL
> >> >> into a TinyURL... wonder if it has a reversal option? (I
> >> >> don't have Thunderbird installed on this machine to check) If
> >> >> not, a lookup plug-in might be a good project for someone. :P
> >> >>
> >> >> -emeacham (@work)
> >> >>
> >> >> -----Original Message-----
> >> >> From: cialug-bounces at cialug.org
> >> >> [mailto:cialug-bounces at cialug.org] On Behalf Of Todd Walton
> >> >> Sent: Friday, June 18, 2010 6:27 AM
> >> >> To: Central Iowa Linux Users Group
> >> >> Subject: [Cialug] TinyURL
> >> >>
> >> >> And another reason I hate this tinyurl thing... I know
> >>
> >>
> >> _______________________________________________
> >> Cialug mailing list
> >> Cialug at cialug.org
> >> http://cialug.org/mailman/listinfo/cialug
> >
> >
> > _______________________________________________
> > Cialug mailing list
> > Cialug at cialug.org
> > http://cialug.org/mailman/listinfo/cialug
> >
> >
>
>
>
> --
> Adam Shannon
>  Web Developer
>  http://ashannon.us
> _______________________________________________
> Cialug mailing list
> Cialug at cialug.org
> http://cialug.org/mailman/listinfo/cialug
>


More information about the Cialug mailing list