nav search
Data Centre Software Security DevOps Business Personal Tech Science Emergent Tech Bootnotes
BOFH
Lectures

back to article
Scammers use Google Maps to skirt link-shortener crackdown

Facepalm

Why? Just why?

Why do we need link shorteners anyway. Handy if you have to type a URL in by hand but it's a machine that is happy handling long URLs in links. I want to see where the link goes FFS. That and email links where the underlying URL doesn't match the text that looks like a URL. Even UK police do that in their email warnings about scams.

23
1
Silver badge
Pint

Re: Why? Just why?

Maybe because of http://www.thelongestlistofthelongeststuffatthelongestdomainnameatlonglast.com/wearejustdoingthistobestupidnowsincethiscangoonforeverandeverandeverbutitstilllookskindaneatinthebrowsereventhoughitsabigwasteoftimeandenergyandhasnorealpointbutwehadtodoitanyways.html

7
8
Silver badge
Pint

Re: Why? Just why?

= https://goo.gl/LZsB6b

5
2

Re: Why? Just why?

One of the reasons the URL shorterners came because of character limitations of some messaging systems, e.g. Text messages & Twitter.

15
0
Anonymous Coward

Re: Why? Just why?

But is that not what DNS is for? If your Human readable version of the ip lookup table to your webpage is not Human readable... you.are.doing.it.wrong.dotcom!

6
6
Silver badge

Your crime: Being Other

It's a good thing people don't often get together to decide complicated matters that they have no actual experience or involvement in using or operating.

Imagine the trouble that could cause!

12
0
Silver badge

Re: Why? Just why?

It's handy when some forums, email clients, messaging systems break the VeryLong URL into bits to fit on each line and only the first bit is given the anchor tag which borks the whole URL business.

I don't use URL shorteners and I never click on them anyway. If I can't see and know where they are pointing at I won't "engage the user experience" </MarketingMode>

17
0
Anonymous Coward

Re: Why? Just why?

> "Why do we need link shorteners anyway."

Ever tried typing in a link to a product page burried half-way down someone's web site, from a printed document? ;) The domain may be short, but the path may be quite long ...

2
0

Re: Why? Just why?

www.llanfairpwllgwyngyllgogerychwyrndrobwllllantysiliogogogoch.co.uk perhaps...

10
0

Re: Why? Just why?

Link shorteners are required because Google ranks things higher if they have keywords in the URL, so you need to have long URLs which are then too long for other locations.

2
1

Re: Why? Just why?

Have you ever been in front of a class and tried to get 30+ students to go to the same long form URL within 10minutes? It is almost impossible. Herding cats is far easier.

5
0
Bronze badge

Re: Why? Just why?

Preferred use:

https://www.google.com/maps/dir/Menlo+Park+Caltrain+Station,+Menlo+Park, +CA,+USA/San+Francisco+International+Airport+(SFO),+San+Francisco,+CA+94 128,+USA/Young+Ct,+San+Francisco,+CA+94129,+USA/@37.6234356,-122.4719716 ,11z/am=t/data=!4m23!4m22!1m5!1m1!1s0x808fa4ae453a8637:0xa0d39978eada388 a!2m2!1d-122.1819487!2d37.4541935!1m5!1m1!1s0x808f778c55555555:0xa4f25c5 71acded3f!2m2!1d-122.3789554!2d37.6213129!1m5!1m1!1s0x808586e29c7dfb41:0 xb3504aa846853a9f!2m2!1d-122.4787696!2d37.7922186!2m2!2b1!3b1!3e0?shortu rl=1&dg=dbrw&newdg=1

Who could possibly want to use: https://goo.gl/maps/nyJ2bwBj3xT2

The issue is not utility - these things are useful. The issue is security and trust.

6
0
Silver badge

Re: Why? Just why?

i give students long urls all the time. input them on firefly fornpermanent ones or a word doc on the shared drive for others. it stops mistakes dictating an address as they simply click on it.

1
0
Silver badge
Pint

Re: Why? Just why?

Here: https://tinyurl.com/YouGuysNeedThisNow

1
0

Re: llanfairpwllgwyngyllgogerychwyrndrobwllllantysiliogogogoch.co.uk

URI/URL should be limited to 8.3

If it worked for DOS, it can work for the web: www.llanfa~1.co.uk

No need for link shortening - it's already part of the name.

2
0
Facepalm

Links are already short

If your going to shorten the link to something unreadable and unmemorable, why not cut out the middleman?

You could use something like https://255.255.255.255 for instance.

6
4
Silver badge

Re: Links are already short

The IP address is not guaranteed to always point at the same website, and many websites can have the same IP address.

In any case, the path after the domain name is often much longer than the domain name.

8
0

Re: cut out the middleman

because multiple websites are routinely hosted on a same IP and only distinguished by domain names.

4
0
Silver badge
Joke

Re: cut out the middleman

That's easy to work around, just set them to 127.0.01

0
0
Anonymous Coward

If the URL shortening service dies or goes offline, you have no idea what the link points to by looking at it.

For instance, bit.ly: the .ly TLD is controlled by the Libyan government. I think there was a period when that went offline due to the chaos in that country at the time.

9
0
Silver badge
Paris Hilton

API?

The article says that scammers are using the Google Maps API. Then further down it says that it is difficult to police because it doesn't rely on a Google API.

I is confused.

10
0
Silver badge

URL shortener wouldn't have such a bad reputation if you didn't know where you were going until it's too late. If they at least told you up front where you were going (or at the least didn't block look ahead with ad walls), people would be more accepting of them.

6
0
Silver badge

The only way to find out where a particular short-URL goes is to try and access it, so either your browser would have to try and access every URL in a page before you read it, or there'd have to be a list of URL shorteners so that the browser only had to check out some of the links on the page.

1
4
Bronze badge

Browser add-on like Unshorten.link or similar?

5
0
Linux

my URL shortener does let you see where you're going

curl https://xza.fr/$/TESTX

^ that's as simple as it is with my new URL shortener: xza.fr

- all links expire after 100000 epoch seconds (approx 1 day)

- TLS v1.2 + perfect-forward-secrecy only with HSTS preload embedded in your browsers soon

- 100% javascript free

- open source

- no logs, other than default nginx settings !

- read more: https://xza.fr/public/htm/about.htm

i started working on it before google announced they were shutting theirs down !

0
0
Silver badge

Maybe

Maybe there's a market for a URL-shortening service that doesn't auto-redirect. Instead it pops up an alert giving the real target and asks if you want to go there.

It wouldn't help the gullible and/or stupid, who'd say "Yeah, of course I want to go to fakebank.com" or those who automatically click through warnings. But for some of us it would be useful. It might even be a way for goo.gl to keep going.

13
0
Silver badge

Re: Maybe

That's what I was bringing up earlier. If they spelled it out for you, then you have a chance to change your mind. It's the redirect-you-blindly that makes it all dangerous. If there weren't a legitimate need to handle moves, we wouldn't have to keep redirects in the HTML standard.

5
0

Re: Maybe

TinyURL offers previewing, though they don't promote it as much as they might. https://tinyurl.com/ybdhn32u autoredirects but https://preview.tinyurl.com/ybdhn32u will take you to a tinyurl.com page showing the destination.

It seems individual users can automatically preview all tinyurl links if they install a cookie in their browser. https://tinyurl.com/preview.php

3
0
Holmes

Re: Maybe

bit.ly does too, just add a plus symbol (+) on the end of any bit.ly link and you can see the full redirect url, the meta info for the redirect page and the stats for the number of clicks. Makes for interesting viewing when seeing how many people click on some dubious links on Twitter etc.

5
0

Re: Maybe

Tinyurl has the option to turn on previews so if you receive a tinyurl link you see the full URL giving you a chance to make your own mind up on whether to follow it.

Not a feature useful for scammers though so they probably don’t use tinyurl ;)

0
0

I use a different system

I know that short links are usually somewhat helpful, so I usually reserve a directory at root of the web server for such a system. For example, example.com/url/* is a shortened link, and I can make it clear what they'll see at that page and logical. People still know that it's my site they're contacting, and although the links may be longer than some of the shorteners out there, they can be quite short because there is no competition that drives up the key length and they will fit into tweets or short messages should someone want to send them.

3
1
Silver badge

Re: I use a different system

That's a thought at least. It could even be automated somewhat so that each public-facing page has some kind of random key to it which can then be internally spidered and symlinked in some "key" directory off the root to allow for shortened SMS-friendly URLs that still give you a good idea where you're going.

0
0
Anonymous Coward

Short URLs? Who needs em?

Damn hipsters and their confounded blazing link shortening widgets!

In *MY* day there were only 10 websites! And we knew them all by heart! Short URLs?? Let's talk about the short attention spans these under 40 hipsters have!

1
1
Silver badge

Re: Short URLs? Who needs em?

And I take it you had to hand-chisel every single address every time you had to change sites. To say nothing of virtual keyboards that kept misreading your touches and tiny little micro-keyboards too small for fat fingers...

0
0
Anonymous Coward

dangerous weapon when misdirected

marketing and staff training in a uk retail bank I used to work at was using shorteners for <internal> urls.

they didn't think of of the fact that the url shortener might get hacked and someone spin up a perfect copy of the website (as tends to happen with bank sites, don't y'know) with god knows what on it. that and putting info about internal DNS on public shortening service. fortunately infosec found out about it and killed it.

AC for the obvious reason.

2
0
Silver badge

Nothing wrong here

Just shorten these comments like this:

http://www.5z8.info/taliban-meetup_l1i6pi_racist-message-board

0
0

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

The Register - Independent news and views for the tech community. Part of Situation Publishing