
Transitioning Google URL Shortener to Firebase Dynamic Links - rey12rey
https://developers.googleblog.com/2018/03/transitioning-google-url-shortener.html
======
jmgao
I'm partial to ShadyURL: [http://www.5z8.info/start-
trojan_u9a9hm_aohell.exe](http://www.5z8.info/start-trojan_u9a9hm_aohell.exe)

~~~
forapurpose
Did you link to a malware executable?

~~~
loeg
> Don't just shorten your URL, make it suspicious and frightening.

------
russellbeattie
I wonder why Google is reusing the Firebase brand so much? It doesn't really
fit with messaging (GCM -> FCM) or links, among other functions. Seems like an
odd choice, even if the backend infrastructure/team is the same.

Reminds me of Microsoft reusing "Surface", or prepending "Live" to everything
once upon a time...

~~~
niftich
Firebase is their Mobile-Backend-as-a-Service brand.

The product they're driving customers to, Firebase Dynamic Links, is not
really a web URL shortener, but more of a bridge between URLs and in-app
links. In this light, it makes sense.

~~~
AznHisoka
I thought it was their repo of entities that was used for displaying Google
Knowledge results? Or the ecommerce product repo...

or am i thinking of totally different things? I feel like there are other
google products that end with “Base”

~~~
traek
That was Freebase, which was acquired by Google for use in their Knowledge
Graph.

------
yzmtf2008
Probably a good chance to inject this here:

You can build your own private URL shortener with AWS Lambda, for a dozen
cents a month [0]. I've made some modification to it so that it supports
customized short name, but the changes are trivial to implement. You could
(should?) also probably consider a short domain name to pair with it, but
those are also cheap ($10/yr, perhaps depend on the TLD).

[0]: [https://aws.amazon.com/blogs/compute/build-a-serverless-
priv...](https://aws.amazon.com/blogs/compute/build-a-serverless-private-url-
shortener/)

~~~
jasonjayr
URL Shorteners break the Internet[0] (2009)

With Google Or Twitter, at least, they have some semblance of permanence, but
with everyone hosting their own private shortener, will just lead to madness.

[0]: [https://blog.codinghorror.com/url-shorteners-destroying-
the-...](https://blog.codinghorror.com/url-shorteners-destroying-the-web-
since-2002/)

~~~
smelendez
Since then, URLs have even less to do with any real underlying directory
structure.

What's another level of indirection between the browser and your CDN, your
reverse proxy, your cache and your web framework?

------
samspenc
Total guess here: In addition to having two products that do the same thing,
I'm guessing they may want to distance themselves from goo.gl links since a
shortened URL with that domain somehow seems associated with Google and seems
more legit (as opposed to, say, a bit.ly or ow.ly link.)

~~~
niftich
This is highly unlikely to be true, considering Firebase Dynamic Links also
generates URLs where the domain ends in 'goo.gl' [1].

[1] [https://firebase.google.com/docs/dynamic-links/create-
manual...](https://firebase.google.com/docs/dynamic-links/create-manually)

------
sethammons
In regards to the shortener replacement, it might be nice for app developers,
but as a user, I loathe when a link that can go to a website tries to bring me
to the app install. I don't want to install your likely crappy, less
featurefull app.

------
smarx007
Google should give the whole dump of the redirects to the Internet Archive (or
at least stop banning their crawlers)
[https://archive.org/details/301works](https://archive.org/details/301works)

------
MR4D
This has been poorly handled.

I got an email for my company yesterday with one of these links.

Being security conscious, I hovered over the link and suspected a phishing
attack.

Given I work in finance, this was the only prudent move I felt I had.

Google is going to see a lot of that over the coming weeks if they can’t
improve their communication on this.

~~~
techsupporter
> Being security conscious, I hovered over the link and suspected a phishing
> attack.

> Given I work in finance, this was the only prudent move I felt I had.

At my place of employment, we are instructed to "hover to uncover" every link
in an e-mail. Yet every link I get from virtually any automated source reads
something like this:

"To accomplish the task you need to accomplish, simply visit us at h t t p s:
/ / example dot com / some / simple.url.html"

Yet the ACTUAL link is: "h t t p : / / linktracker9 . unrelatedentity4 .
subdomain . example dot io /
asdflkjawsfq3894gfjwerfgouiewjngwskuvhawesri7gfhwe4i7fghwefv /
qwerog9f8weh8w4fhw98ry2938hwf?utm_lol=hahaha&utm_more=roflcopter&utm_howabsolutelylongcanwemakethislink=shadyb1zn3zz&phishing=no&itscool=thisis_definitely_not_phishing&utm_feed=buzz"

I understand, but do not accept, why every link sending program on the planet
insists on doing this. It is broken and wrong.

~~~
sixdimensional
You've just given me an interesting idea for an extension to HTML itself - an
anchor tag / link type where the text displayed can and must only be equal to
the href value of the link. Additionally, any rendering client could render
such a link with a special visual cue, perhaps, to help the user understand
that the visible link text should equal the link href value and only the link
href value.

Could just be, maybe you could make an anchor tag which is like, <a
href="[http://www.google.com">](http://www.google.com">) without a closing
tag, and browsers know to render that where the text displayed equals the
value of the href. Additionally, clients could detect such links and give them
a visual cue to indicate they are "safe(r)" relatively speaking?

Just an idea that popped in when you said this.

~~~
AgentME
What if the page tries to position another element over the link? If you just
say that the safe-link has the highest z-index, then you'll have plenty of
awkward cases where it shows through stuff like sticky navbars/headings or
dropdowns that happen to be opened over them. And what would the browsers do
to show those links specially? Could a webpage do the same around their own
links?

~~~
sixdimensional
Yeah, those are legitimate problems, I agree.

I guess I was thinking, browser vendors and clients that care are already
taking measures to inform users if the URL they are browsing is safe / secure
(HTTPS enabled UI for example) - I was just trying to think of some way for
the HTML source itself to indicate "hey, the value of the href of this link
should be exactly 'X', and a user can see that relatively easily, and if for
any reason it is NOT 'X' then the link should not be trusted". I mean, the
clients could also take active measures to block such links as well... if the
"href" is not the same as the expected value for the href (or if it changes),
then the client disables the link automatically.

I don't think one would use the "safe-links" I described everywhere (like, not
in places where they would bleed through). I think they might be a special use
case, maybe for emails and clients that are rendering more document oriented
HTML as opposed to web-site/web application type HTML, although browsers could
certainly render them.

Of course, those clients would have to be trustworthy too.

I suppose rather than showing any visual cues that the link is enabled,
clients could just validate that... if they see a link like this (without text
or an ending anchor tag) -> <a
href="[http://www.google.com">](http://www.google.com">) then the one and ONLY
action the link can take is to navigate to the precise href specified, and it
would only render the text of the href as the content of the anchor tag.

So maybe a visual cue is not even needed - just enforcement by trustworthy
clients.

------
jakeogh
URL shorteners accelerate linkrot.

------
SeanKilleen
If you want a free OSS URL shortener for your own domain name, I built a
simple one at [http://xluh.co/repo](http://xluh.co/repo). Will be expanding on
it in the future.

------
kirubakaran
Since they will be continuing to honor existing redirects, do they gain
anything by disallowing new redirects? If it is engineering effort they want
to save, they can just stop developing new features, right?

~~~
niftich
Continuing to honor existing redirects is a relatively simple gesture of
goodwill -- it's absolutely what customers expect, it's good for the web, and
doesn't need a lot of ongoing effort.

Rather, it looks like they're driving people to a different product intended
for a different set of usecases [1]. They want to get out of the generic,
commodity web URL shortener business, and drive more of their customers
towards more purposeful destination forwarding.

[1] [https://firebase.google.com/docs/dynamic-links/use-
cases/](https://firebase.google.com/docs/dynamic-links/use-cases/)

~~~
duskwuff
Crucially, the new product is unlikely to be available through a web interface
(at least, without an account), so Google no longer has to deal with their
link shortener being used for spam and fraud.

~~~
manquer
Spammers would not be dettered by the need to use an API. Besides anyone could
build a frontend for accessing the API

