Short URLs, trust and security
A recent episode of the For Immediate Release podcast — I believe it was show 486 — included a discussion about worms on Twitter and the connection with the (in)security of shortened URLs shared online. As FIR co-host Shel Holtz alluded to, even if you trust the sender or sharer of a shortened URL, those links — which mask the destination with a simpler, shorter tinyurl.com or bit.ly address — are fraught with danger. Or, at least, potential danger.
This is something I’ve discussed more than once with my friend and local code wizard Garrick Van Buren. He’s built his own URL shortener, grv.me, that he uses to share stuff he creates. He’s done the same for MinnPost.com with its minnpo.st URL shortener, which the local news outfit uses to share its own stories on Twitter and the like.
Why? Trust. When you see a TinyURL, you have no idea what the link is going to point you to. Viruses, spyware, porn and all sorts of other unwanted or inappropriate stuff are just a click away. Sure, there are some tricks to help alleviate that problem, but what if you actually could trust a shortened URL?
That’s there grv.me and minnpo.st come in. Once you’re familiar with them — once their respective publishers introduce you to them — you can trust them as much as you trust their publishers. Because you know only Garrick can create grv.me URLs, there’s no virus at the other end. Coke, a client of ours, also created its own URL shortener — with trust being one factor and, I’m sure, the desire to control the technology rather than rely on someone else’s as another factor. (though we had nothing to do with the creation of this tool).
The need for safety and security online will not go away. Don’t worry: Smart people like Garrick will be here to help.
