

Twitter Displaying Expanded Short URLs Using 301 Lookup - DanLivesHere
http://www.centernetworks.com/twitter-displays-expanded-short-urls

======
brlewis
FriendFeed had this over 2 years ago:
[http://friendfeed.com/steverubel/54df8bf5/short-urls-
shared-...](http://friendfeed.com/steverubel/54df8bf5/short-urls-shared-on-
friendfeed-now-reveal-re)

------
wmf
Hopefully they improve this in the future by not showing the short URL at all.

------
jrockway
_it prevents me from ever clicking on a short link that will take me to
somewhere evil_

There are plenty of ways to trick people with links. For example, you can
register a domain called not-hardcore-porn.com, and then put porn there. Or
you can just poison some upstream DNS cache, and then facebook.com goes to
phishing-site.com.

The Internet is very insecure. Short links are the least of our worries.

------
teye
_"In speaking with a few colleagues, it appears Twitter is using the 301
redirect on the short URL to provide the mouseover with the full URL."_

Is this just a non-technical person attempting to inject a little detail into
the article? My first thought was, "How would I do this in JS?" and it took me
a second to decipher that sentence.

~~~
treyp
kind of. it's not done on the front end (js) but rather using some service on
the backend.

the phrasing of that is a bit weird, but they probably test until they no
longer get a 301 or 302 redirect and save the result. they print this result
on the front end as a title for the link and as an HTML5 data attribute
"expanded-url" on the link.

~~~
jluxenberg
I looked at doing this using Javascript in a browser extension a while ago,
and it's actually not possible to do for a couple of reasons:

    
    
      1) XHR cross domain policy prohibits requests to domains other than the domain the page loaded from
      2) the XHR GET method always follows a 301 redirect and returns the content at the URL.  The full URL is not made available.

~~~
RyanMcGreal
You'd have to write something on your server that does this, and expose it to
your client JS via a local URL.

------
DanLivesHere
Hootsuite has been doing this for a while with a + icon. Good to see Twitter
itself doing it.

~~~
treyp
similarly, search.twitter.com has had this using "(expand)" on the end of
links for some time. i'm not sure if this was part of the original acquisition
for that service or if they added it in after.

~~~
dmthompson
Also search.twitter.com matches search terms against both the expanded url and
shortened url.

------
meterplech
I also didn't notice this until today, but this is a great feature to prevent
spam and malware. Usually I feel like my Twitter feed is filled with people
and links that are moderately trustworthy, but that leaves everyone vulnerable
to someone hijacking a twitter account using firesheep or something else.

------
pierrefar
Any clue whether they are checking the destination URLs for malware? Using
perhaps Google's Safe Browsing API (
<http://code.google.com/apis/safebrowsing/> )?

