

URL Shorteners are evil, here's one to prove it. - secos
http://mug.gd

======
there
I'm still waiting for malware to propagate by a shortened url that goes to a
legitimate site, builds up credibility (retweeted, etc.) and then is swapped
out on the shortening site to start redirecting to a different page that looks
like the original but does some drive-by download or exploits a zero-day
vulnerability.

There would be hundreds of inbound links pointing to it coming from trusted
sources, and could even use a legitimate shortener like bit.ly but just make
the bit.ly link direct to some other shortener that nobody would notice
(because the browser redirection would happen so quickly), then do the switch
at that second shortener.
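
The swap described in the comment above can be caught from the defender's side by pinning a short link's destination when it is first seen and re-checking the whole redirect chain later. The following is an added example, not part of the original thread: the hosts, URLs and the `SHORTENERS` list are constructed stand-ins, and the `redirects` maps are assumed to have been recorded by a fetcher that reads each `Location` header without auto-following it.

```python
from urllib.parse import urlsplit

# Constructed stand-ins for a well-known shortener and an obscure second one.
SHORTENERS = {"s1.example", "s2.example"}
LINK = "https://s1.example/abc"
# Constructed redirect maps {url: Location header} as recorded on two days.
DAY1 = {LINK: "https://s2.example/xyz",
        "https://s2.example/xyz": "https://news.example/story"}
DAY2 = {LINK: "https://s2.example/xyz",
        "https://s2.example/xyz": "https://news-example.invalid/story"}

def walk_chain(url, redirects, max_hops=10):
    """Follow a recorded redirect map hop by hop and return every URL seen."""
    chain = [url]
    while chain[-1] in redirects:
        nxt = redirects[chain[-1]]
        if nxt in chain or len(chain) > max_hops:
            raise ValueError("redirect loop or chain too long")
        chain.append(nxt)
    return chain

def audit(url, redirects, pinned):
    """Return (final_url, findings) for one short link.

    pinned maps short link -> destination recorded when it was first seen.
    """
    chain = walk_chain(url, redirects)
    hosts = [urlsplit(u).hostname for u in chain]
    findings = []
    # A shortener that points at another shortener hides where the swap can happen.
    short_hops = [h for h in hosts[:-1] if h in SHORTENERS]
    if len(short_hops) > 1:
        findings.append("chained-shorteners:" + ">".join(short_hops))
    # The first hop is unchanged, so only the final destination reveals the swap.
    final = chain[-1]
    if url in pinned and pinned[url] != final:
        old_host = urlsplit(pinned[url]).hostname
        findings.append("destination-changed:%s->%s" % (old_host, hosts[-1]))
    return final, findings

if __name__ == "__main__":
    first, notes = audit(LINK, DAY1, {})
    print(first, notes)
    print(audit(LINK, DAY2, {LINK: first}))
```
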

~~~
Semiapies
Or maybe do the same with some kind of internet forum where people blindly
click on the links.

~~~
pyre
Or do the same thing with the link to your 'awesome' blog post... Or change
the IP on your domain/subdomain to point somewhere else...

------
CrazedGeek
Phishing has never been more fun!

Anyway, here's my feeble attempt: <http://mug.gd/96W>

~~~
timf
spatial points?

~~~
CrazedGeek
Eh, I couldn't think of anything clever for points. (I did say feeble...)

~~~
timf
ah, I just thought the "uninteresting" part was the mug and spatial points was
some HN greasemonkey feature you had...

~~~
CrazedGeek
Oh, there's a lot more I changed than that.

------
metra
Can't you just look at the location bar and see that the url is still mug.gd?

Or is this a joke and I missed it?

~~~
tolmasky
I think the idea is that a lot of these url shorteners now also include their
bars on top.

~~~
olliesaunders
Oh gawd, I really hate that.

------
gvb
Oh man, that came at a good time.

The previous HN story is "Korea's Internet Is Mired in a Microsoft Monoculture
(chosun.com)" so I did a URL shortener substituting [company] for "Korea." The
only problem was that I could not selectively substitute for both "Korea" and
"Korean" (I tried ordering them, didn't help), so Korean became [company]n.

Mug.gd doesn't say how long the shortened url lasts, so I hope my gentle
readers click the link before it rots. :-/

~~~
jjs
Can you recursively mug a mug.gd link?

------
lupin_sansei
They are also bad in that if one goes out of business or loses their database
all the links on the web that use the shortener stop working forever.

~~~
RevRal
I think this is the best point against URL shorteners.

~~~
megamark16
I'll second that. The whole point of the internet (at least as I see it) of
linking relevant documents together is pretty much lost when those links are
fragile shortened urls. Maybe if there was a markup, similar to the img alt
tag, that allowed you to say "Here's the short one, if that doesn't work,
here's the full one".

The real issue, as I see it, is that people solved the wrong problem. I see
this a lot at my new job, where they created bigger problems for themselves by
asking the wrong questions and therefore solving the wrong problem. Isn't the
main reason people use shortened URLs so that they can link to things on sites
like Twitter where every character counts? If that is the case then the real
problem isn't that URLs are too long, it's that Twitter counts them against
you, instead of allowing people to put actual hyperlinks (you know, <a
href="xyz">Title</a>) in their tweets. If the only part that counted against
your character count was the Title section then we wouldn't have this problem.
They could even simplify the markup somehow to make it more user friendly than
actual HTML.

If I've misunderstood the problem that URL shorteners are trying to solve then
I apologize for my off the mark rant.

Thanks Mark

~~~
workhorse
Mark, I think the problem is the 140 character limit.

The HTML markup would be included in that. Twitter takes a website address and
turns it into a link when it is displayed on their website.

But if a Tweet is sent via a mobile phone, they are limited by the 160 (I
think that is the SMS limit). So HTML markup counts.

Which is why using a shorter URL is key.

~~~
arohner
Wait, you're telling me that "the best new protocol" and "the future of the
internet" is being held back by the telcos, the most hated, slow moving,
bureaucratic companies on earth?

Sounds like we need push email.

------
GBKS
Not all are evil, try Hapylink at <http://hapylink.com>

------
Goladus
Trust is a powerful thing. You can get a lot more done when you have trust. It
would be a shame to break that trust for no real reason other than it seemed
like a clever idea at the time.

~~~
secos
The trust you speak of is an illusion. Security through obscurity at best.

I would rather warn of the dangers.

~~~
Goladus
Trust is a risk. Illusion really isn't an appropriate term.

Although in this case it's a somewhat peripheral issue, I realize there are
other issues.

------
fbailey
I noticed that one URL shortener is engaging in massive Cookie Dropping, as
soon as you click on a link you add 50 affiliate cookies ... nice business
model, not so nice service

~~~
dc2k08
Which one?

------
tzury
Use Firefox's extension LongURLPlease <http://www.longurlplease.com/> and
bring some sense into all these tweets

~~~
buster
Now that's a neat plugin. Wish it'd be for Chrome too, though. Nice anyway :)

------
algorias
Beaten with their own weapons:

<http://mug.gd/l5g1W>

~~~
bradgessler
I just made them an awesome and fun URL shortening service!

<http://mug.gd/IUyt0>

------
ramchip
Amusing example :) I wasn't aware just how many posts on TC are about Twitter.

~~~
secos
Yeah, I picked that because no matter what time of day or week you look at the
site, there is /always/ a Twitter post on the front page of TC.

------
eam
I have always been hesitant on clicking shortened URLs. I have trust issues.
It's almost like a box of chocolate, you never know what you're going to get!

~~~
jusob
Then it is time for you to use a safe URL shortener: <http://safe.mn/> :-)
I.e., these URLs could lead to a "dangerous" website, but you are warned before
reaching the final destination: <http://safe.mn/-M> <http://safe.mn/WP>
<http://safe.mn/TU> <http://safe.mn/Te>

~~~
jerf
This is a mighty strange time and place to be pitching a URL shortening
service.

~~~
pyre
_No_ publicity is bad publicity!

------
simonw
I dislike URL shorteners because they increase the chance of link rot. mug.gd
doesn't prove they are evil though - it proves that links are evil.

~~~
secos
Very good point. That is basically what I am after... they hide the true
origin and intent when they hide the content in an iframe.

------
begemot
Isn't it a bad idea to retrieve any url since then an attacker could use this
service to SQL inject without leaving his IP on the victim's log?

~~~
JoachimSchipper
Meh. There are plenty of open redirects out there anyway, and using one you
made yourself has the disadvantage that you'll be visible in the Referrer
logs.

------
techiferous
"URL Shorteners are evil"

That's why I always use <http://www.hugeurl.com/>

~~~
kree10
I am partial to <http://urlshorteningservicefortwitter.com/>

------
ivankirigin
Astoundingly, twitter isn't anywhere on TechCrunch. Sign of the end of times,
right?

------
naz
Cool idea, terrible implementation

~~~
secos
What do you dislike about it? I know it's not the best, and would love critical
feedback on how it could be better.

~~~
naz
It immediately displays a bar at the top of the altered page making it too
obvious

~~~
secos
I was going for obvious. There is (currently) a way around that. I say
currently because I have updates to fix it.

I know this would be a "fun tool" for some people to play jokes and pranks on
other people, but cannot in good conscience let that happen without /some/
level of indication.

------
BigO
madlibs anyone?

------
lloydarmbrust
Both Facebook and LinkedIn also do this with external links from their sites,
but that makes sense coming from M$-esque companies.

I guess this is a good point though, as twitter will automagically shorten
URLs that you enter anyway.

