Work in progress
Submitted by Alexis Wilke on Fri, 01/14/2011 - 19:29
If you've been around the Internet for some time, I'm sure you've seen a tiny URL. The name comes from the very first website that offered tiny URLs to the world. The service has always been free and has evolved quite a bit over time. Today, we have a name for such a website service:
Many people still refer to this service by the first company's name, though.
The idea is rather simple: it's easier to send a URL that's less than 32 characters than one of those lengthy URLs, especially those with random numbers (although the numbers are randomly generated, they obviously have a meaning with regard to your usage of the site that gave you that URL and are generally called Session Identifiers).
For example, there is a tiny URL for this very page:
Note that TinyURL.com also offers a preview system:
Nowadays, hackers make use of URL shorteners to cloak their real website URLs. This is useful to them because you cannot easily determine the destination URL. At least, most website systems do not know how to do so for you.
Some URL shortener websites offer protection by testing the destination URLs for different potential problems. This includes viruses that can infect your computer when you visit the site, spam-littered web pages, wrong URLs (i.e. 404 pages), or URLs that generate a 301 error (i.e. that redirect again). Obviously, Google is one of those companies. The other one that I have seen at work is bit.ly. It did warn me about several of the pages that were shortened.
However, know that most of those URL shortener services do not do anything about the URLs they store.
A powerful cloak for hackers is a multi-level 301 error. The error simply indicates that the page is not exactly there, but the system knows where you need to go to find the right page. So the 301 message is an error that includes a new URL (generally the long URL).
Hackers, by using multiple services in a row, generate many 301 errors in a row, making it much less likely that automated software will detect a problem and automatically mark that URL as spam.
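To see where a short link really leads before visiting it, the chain of 301 responses can be unrolled one hop at a time. The following is an added example, not code from the original article; the function names, the hop limit and the `.example` hosts in the constructed sample chain are assumptions made for illustration.

```python
import http.client
from urllib.parse import urljoin, urlsplit

REDIRECT_CODES = {301, 302, 303, 307, 308}

def http_fetch(url, timeout=5):
    """Send one HEAD request; http.client never follows redirects itself."""
    p = urlsplit(url)
    cls = http.client.HTTPSConnection if p.scheme == "https" else http.client.HTTPConnection
    conn = cls(p.hostname, p.port, timeout=timeout)
    try:
        conn.request("HEAD", (p.path or "/") + ("?" + p.query if p.query else ""))
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()

def expand(url, fetch=http_fetch, max_hops=10):
    """Follow redirects hop by hop and return (chain, verdict)."""
    chain = [url]
    while len(chain) <= max_hops:
        status, location = fetch(chain[-1])
        if status not in REDIRECT_CODES or not location:
            return chain, "resolved"           # last entry is the real destination
        nxt = urljoin(chain[-1], location)     # Location may be relative
        if urlsplit(nxt).scheme not in ("http", "https"):
            return chain, "blocked-scheme"     # refuse javascript:, data:, file:, ...
        if nxt in chain:
            return chain, "loop"
        chain.append(nxt)
    return chain, "too-many-hops"

def hosts_in(chain):
    """Distinct hosts in order of appearance; several shorteners in a row stand out."""
    return list(dict.fromkeys(urlsplit(u).hostname for u in chain))

# Constructed sample: three hypothetical shortener services chained together.
SAMPLE = {
    "https://short-a.example/x1": (301, "https://short-b.example/q"),
    "https://short-b.example/q": (301, "https://short-c.example/z"),
    "https://short-c.example/z": (302, "/go?id=7"),
    "https://short-c.example/go?id=7": (301, "https://landing.example/page?sid=123"),
}

def sample_fetch(url):
    return SAMPLE.get(url, (200, None))

if __name__ == "__main__":
    chain, verdict = expand("https://short-a.example/x1", sample_fetch)
    print(verdict, len(chain) - 1, "hops via", hosts_in(chain))
```

Calling `expand(url)` without a second argument uses `http_fetch` and performs real HEAD requests, so the full chain and the final host can be checked against a blocklist before anyone opens the link.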
An interesting article about Twitter and shortener capabilities: Twitter Under Fire for Link-shortening Service Plans.