The main problem I and many others have with these services is that they add another attack vector, a potentially...
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
unreliable redirect service involving additional DNS lookups and server hits sitting between the link and its destination. No one knows how secure or reliable these service providers are; they certainly offer no service-level agreement. Reliability and availability are key issues. Even with 99% uptime, that's still 3.5 days per year when these links won't work. It would also create additional points of failure for the Internet if everyone were to use shorteners. And don't forget that these providers are dot-com enterprises that could go bust and disappear overnight.
Another concern is that although many plain links aren't necessarily comprehensible. they are transparent; you can at least see the domain they will be taking you to. Shortened links offer no clue as to where they lead. In an attempt to monetize the service, you can easily imagine a provider starting to send pop-up ads along with the redirect, and we all know how annoying and potentially dangerous those are. If the shortener gets hacked or their domain is hijacked, it would be easy to set up a man-in-the-middle attack between the link and its destination, with every shortened link a potential malicious redirect. Given that recipients of these links would be getting them from trusted friends and relatives, the attack would be very effective.
Thankfully some sites, such as USA Today, that use long URLs are providing their own URL-shortening services, which keep the links within the control of the site itself. One improvement would be that shorteners only shorten URLs that exceed the 140 character limit. This or other safeguards are unlikely to come about unless there is pressure from users, and that probably isn't going to happen until there have been a few high-profile attacks exploiting link shorteners.
Dig Deeper on Web Application and Web 2.0 Threats
Related Q&A from Michael Cobb
Many large enterprises have their own internal public key infrastructure. Expert Michael Cobb explains the considerations organizations should make ...continue reading
Network administrators typically resist policies for separate accounts when performing different tasks. Expert Michael Cobb explains the risk of ...continue reading
Microsoft is banning weak passwords on many of its services with the Smart Password Lockout feature. Expert Michael Cobb explains how it works, and ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.