Do Tiny URL Services Weaken Net Architecture?

Indus Khaitan writes "Thanks to twitter, SMS, and mobile web, a lot of people are using the url minimizers like tinyurl.com, urltea.com. However, now I see a lot of people using it on their regular webpages. This could be a big problem if billions of different links are unreachable at a given time. What if a service starts sending a pop-up ad along with the redirect. What if the masked target links to a page with an exploit instead of linking to the new photos of Jessica Alba. Are services like tinyurl, urltea etc. taking the WWW towards a single point of failure? Is it a huge step backward? Or I'm just crying wolf here?"

A related and important question

Such hacker services are intimately and irrevocably linked with the dangerous idea of so-called "Poxie servers" [shelleytherepublican.com]. These are highly illegal hacker tools which enable terrorists, spies, rap stars and other "free-thinkers" to hide their subversive activities from the FBI. As I learned from comments to that well-written and informative article, the worst offender is a nebulous and troubling underground program which goes by the shadowy name of "Apache".

So, what can we do against this, the greatest threat to our great nation in these post 9/11 times? Well, I have a modest proposal. We must impose our will by bringing in the death penalty [shelleytherepublican.com] for heinous hacker crimes and ban tools such as 'Linux' [shelleytherepublican.com] and 'Mozilla' [shelleytherepublican.com] which only have one purpose. You are either with us, or against us.

Re:A related and important question

I'm wondering... is that blog kinda satiric? Or are they serious?

10 years ago you would have automatically known the answer. In today's age, you really do have to ask.

Re:A related and important question

Your point is well taken, and very revealing.

The problem with these United States is that the leadership is dreaming up bullshit of what they think that others must actually be thinking, and worse yet, they now actually believe what they have invented.

Let's take torture for example: The Survival, Evasion, Resistance and Escape (SERE) manuals were designed to prepare soldiers, sailors, and marines for what *might* happen if they were captured. There was some knowledge of past torture techniques employed by enemies, but the manuals and the courses emphasized that there was no way to really know what might be encountered.

It makes sense, so far: "You'll be executing missions in a largely unknown environment, so we'll prepare you for the worst in case you are captured." We'll just skip over the psychological trade-offs for the sake of argument. At least they went beyond, "Just give them your name, rank, and serial number per the Geneva Convention." It was wisely recognized that not everyone respects the Geneva accords.

Recall that torture is widely recognized as a very unreliable method for obtaining accurate information. It is well known that gaining trust is far more effective--although there are many trade-offs to consider here, too.

Now let's examine the present torture programs: Someone has taken the SERE materials and skipped over the bits about whether or not the methods described are being used by presumed enemies. This much has been assumed to be true. The really foolish move was to use this assumption to justify the use of torture. Not only does this approach ignore the data which show that torture produces unreliable intelligence, it casts "enhanced interrogation" as a sort of revenge for imagined offenses. One has only to read the comments posted to news stories about torture to see that the justification for torture--and other atrocities--is the presumption that enemies have also done so. Perhaps it is naive to hew to the values which are taught in public school with public funds, but I believe that great nations and great people do not stoop to the level of those with whom we disagree. The philosophy of winning at any cost doesn't scale: What if winning costs you everything--or more than you have?

This is only one example of how terrorism has adversely affected governments and public opinion in what was once a group of free countries. I'm not saying that terrorists planned this in some grand scheme, but their actions have most certainly produced terror among those that we the people have trusted to exercise wisdom in place of fearful reaction. Imagining things about one's perceived enemies is, by definition, immature behavior. Would that we could actually have mature and sensible leadership, in place of sensationalist fools who lead the general population down a narrowing tunnel of darkness and distrust. I hope that the human race survives into another Renaissance, rather than fulfilling its own invented idea of an Apocalypse.

My father became very cynical in the wake of poor decisions he'd made, and began to blame others for what was his own responsibility. Within a decade of his death, he literally said, "People are out to screw you. You've got to screw them before they screw you."

He died bitter and penniless, having isolated himself from all of his friends and most of his family, in great pain, with profound regret, ravaged by the pain of cancer for which he refused to seek treatment, and confused by the spectre of Alzheimer's disease. It would appear that the grand experiment known as the United States of America is determined at present to make the same journey.

What you resist, persists. Eventually, you become what you resist.

Re:A related and important question

To borrow a term from one of the fine America-loving comments on that bulletin board, I think it would be appropriate to call "TinyURL" type services "Pixie Servers".

Re:I don't think they do

That's 281,474,976,710,656 different unique names that can point to somewhere on the web. Even if each eight-character shrunken name was assigned permanently then it is difficult to see how you could ever run out of names.

Did someone say that running out of names was a likely problem? Why did you even raise that issue?

So in short the answer is that these name shortening services are not going to damage the web - provided the links they provide are permanent

Let me rephrase that: "in short, the straw man problem I raised is not really a problem. There is no problem except perhaps for the real problem." Yes: the permanence of the link IS the issue raised by the summary above. What if these sites go down? What if they change their behaviour? What QOS have the people creating these links contracted for?

Another thing to chew on is what service does Google provide? To me, it's the ultimate URL shrinker. I remember one domain, www.google.com, and then from there I can go to anywhere else through a search-able database of links.

Yes but: if there exists another search engine with the same features and a similar algorithm to Google's, it can be used as a stand-in. But if I build a new URL shortening service and put it on a different domain, it is completely useless for interpreting pre-existing tiny URLs, because it lacks the database mapping hash keys to URLs.

Has Google damaged the web? I think the benefits out-weigh the problems. Search Engine Optimisation firms are damaging the semantics of the web in reaction to the power of the search engine but there can be no doubt that far more sites get exposure because of search engines than without them. On the whole, I'm willing to deal with Google spammers because the quality of the links is still high in-spite of them.

Now we're bringing search engine optimization into it. What's that got to do with the topic at hand???

URL shrinking services are the same. They have benefits and drawbacks. If you're listening to web-radio, it's far easier to give a shrunken URL which your listeners can jot down in a few seconds than spend thirty-seconds on a much larger URL.

Thanks doctor obvious. Yes, URL shrinking services have strengths and weaknesses. Like gasoline. And t-shirts. Let's discuss them instead of going off on tangents about SEO and hash space sizes.

The drawback is that the URL has no semantic meaning. I personally think the semantic meaning is less important than getting the URL out there.

This is a drawback for the user, but has nothing to do with net architecture. Please read the short summary above and discuss the topic at hand!

but what about links on the web itself

That is what he is talking about, NOT urls you get from verbal sources, presumably the verbol source for a shortened url would make sure that that url is valid when it is broadcast.

He is talking about links that are on the web itself, where there is ZERO need to make a url short. Your browser doesn't care how long the url is in the link you click on and for the poster there is an extra step involved in creating the short url so why bother?

tinyurl is a tool but some tend to use tools to fix problems that don't need fixing. If you build your website out of tinyurl links you got issues. It is not how the net is supposed to work.

Take slashdot, why on earth should the links in a story go via tinyurl? It creates extra data, it stops people from inspecting the url at a glance and for what?

The web already breaks down because so many sites keep changing the way their pages are organised so that old links don't work anymore. Try finding stuff that is a couple of years old, you start running headlong into the dead link mess. Not because the site itself is gone, but the site no longer can handle the requested url.

Why add another layer of complexity?

Use shortened urls when you got to give them verbally, but if the url is distruted across the net in the first place, what on earth is the point of shortening it?

Remember, if everyone uses tinyurl, all that needs to happen is that these servers go down for some reason and BOOM, there goes the internet.

Very smart people went out of their way to make DNS truly robuust and host multiple servers around the world to make sure the internet works, and then some idiots think that they should add another unneeded layer on top run by a tiny company?

Oh and another thing, most radio shows simply tell people to go to their own site and then click on the second story to get a url out there. What is an easier url Myradio.com read the second story OR tinyurl.com/3yaodz The myradio url will have been broadcasted countless times already as parts of the promo, in the case of webradio it is how you found the bloody radio in the first place.

With tinyurl you have to introduce a completly new url followed by a meaningless string. Yup, that is much easier.

No, the tool has its uses, but just because you got a hammer does not mean everything becomes a nail.

Change software!

If your security software doesn't take this into account, then you need to change your security software. I mean, what if someone made a popular web page, and then changed it to redirect to a malware infector website?

View URL before open it

With tinyURL, you can preview the URL before you open it. Example: http://preview.tinyurl.com/87d [tinyurl.com]. Just add the "preview." as a subdomain to the "tinyurl.com".
So yeah, you are crying wolf.

Re:View URL before open it

You didn't even read the summary, did you? The issue is that services such as TinyURL might start doing bad things, such as pop-ups, malware, and so on, or that they might be taken offline for a bit, causing many links to stop working properly. Who cares if there is a preview option when the service itself is compromised?

TinyURL offers a preview of the URL.

http://tinyurl.com/preview.php [tinyurl.com] I've had it turned on since the days of people hiding goatse.cx behind TinyURLs.

Re:TinyURL offers a preview of the URL.

It's people like you who take the fun out of the internet.

This also weakens Google pagerank.

This also weakens Google pagerank.

Don't use those services

Nobody knows how long exactly the service is made available. Please do some long-term thinking before using this, esp. in public forums. More than once, I couldn't follow those stupid mini URLs for whatever reason. They're just bad. More criticism: http://en.wikipedia.org/wiki/TinyURL#Criticism [wikipedia.org].

I only use them in e-mails

I'm not sure why you'd put a tinyurl on a web page, where you could just embed the URL in a link using href, like this [wikipedia.org] (oh, the temptation to link to goatse was great, but I resisted). Even if the URL had been enormous, it would not have changed the size of the "like this" hyperlink, and the full URL would have remained embedded in the page.

The only place where I use tinyurls is when I want to send links to people in e-mail, the recipients might not all be using HTML-based mail programs (or webmail), so the clickable link solution might not work, and the original URL is large and might get broken into multiple lines. Plus, when I send a tinyurled link, I always say what it is and swear to the recipients that it's not goatse or a Rick Roll [wikipedia.org]. Well, unless it is a Rick Roll, of course, but my favorite (OK, only) Rick Roll target has e-mail that can receive hyperlinks, and I find more clever ways to surprise him.

Tempest in a teapot.

Well... other media use Tiny URLs

I think people are forgetting about printed computer magazines - e.g. Linux Journal, APC, etc. They have a restricted column magazine format, and they often use TinyURLs when publishing links.

cry wolf young child, for no one believes you

The web is made of trillions of dead links right now. As it is I have to change some bookmarks because the authors have changed their websites and don't allow linking to certain sections. Whole websites go offline. Domain names expire. forums change. Even if it is nothing more than on a new server, Data is constantly moving on the internet.

If you expect all information to stay exactly where it was 5 years ago then you have misunderstood the web.

Mod me down if you wish, but if you can't tell the difference then you will never know the difference.
 

Re:cry wolf young child, for no one believes you

I think that's exactly the point the submitter is raising: Say you post a link on slashdot to some random website. When I stumble over your post, coming from a search engine, in five years, the chance for this link to still work is p(x), the probability of that random website remaining live for 5 years.

Now, if you used tinyurl for your link, the chance for the link to not be broken by then is p(x)*p(y), where p(y) is the chance of tinyurl surviving the next 5 years. Since p(y) is less than 1, this lowers your chance to send me this little piece of information forward to in five years time.

The internet is built on dense connectivity, with no single node being able to uniquely control access to a large part of the whole net. Tinyurl works against this principle. If someone switched off tinyurl now, 54 Million links [tinyurl.com] would break in an instant, all over the web, with no chance to correct them all automatically.

In other words, to return your ad hominem attack: If you expect Tinyurl to stay exactly where and what it is for the next 5 years, you have misunderstood the web.

Solution

A Firefox plugin that recognises a TinyURL (etc) and then uses a popup to identify in a tooltip the actual URL and title of the webpage. - ~~~~

Re:Solution

Oh for goodness sake. I can't believe I did it again. Using a Wikipedia sig to end a slashdot post. Gotta get off that wikicrack.

There are other worrisome web problems

The problem will be if the sites that redirect that URL go out of business or are unreachable for any reason. Then all of the URLs are broken. It would be like a a section of DNS melting. What would be even worse is if the URL redirect site never came back online. Its a risk for people using the service.

However, the latest problem I am seeing a lot of is scraper sites (that immediately redirect) from China. A couple more of them pop up every day and all they are doing is trying to lure clicks via a search engine, then redirect the websurfer to a hostile/ad-laden page when they click on the link.

I noticed it when somebody brought it to my attention about my site, but the practice has to be systematic. Try going to Google and search for "badmovies.org" entries in the last 24 hours. Bet you see a lot of obvious junk sites that end in .cn. It has to apply to lots of other sites, but I haven't done any experimenting. Still, all those sites are junk. They just clutter up the search engines.

Blame outlook or exchange..

...whichever part of the corporate email system that decides to stick hard line-breaks in. At 80 columns. Our staff send emails with long URLs, people complain they can't get to the page, the link gets reposted as a tinyurl...

  If the tinyurl people put a timelimit on the short link it wouldn't be so bad, since people would know it was purely temporary and so wouldn't use them in permanent situations...

  Need a perl script that 'de-tiny's your web pages - goes through the HTML files, looks for tinyurls, queries to find the real target, and edits the page.... Ah, except nobody's web page is a bunch of static HTML anymore.... But you get the idea!

Web was always single-point-of-failure

Do URL shrinkers make matters worse? Maybe. But on the other side the web has always been a single-point-of-failure architecture. If the webserver hosting your content is down, your content is no longer reachable on the net. Things get worse when you only have only a few webserver/provider that are hosting stuff, youtube, facebook, myspace and friends host a ton of content, if they ever go down, you lose a whole bunch of content. Sure, they have plenty of redundancy and are pretty stable so its unlikely to happen for longer periods of time. But you still hand over a hell of a lot of control to a tiny few companies.

Solution? Turn the web into something where you refer to content instead of servers. Request documents by their MD5/SHA1/whatever checksum and whatever server has that piece of content sends it to you. You no longer have a single point of failure. Freenet, Bittorrent and a bunch of other P2P tools are already doing it in one way or another, because it is simply a more failsafe and faster way to handle content distribution. The days where everybody had his own little webserver are long over and it might be time to start addressing this issue on a big scale.

Just ban long URLs

We should never have needed services like TinyURL. But certain insane webmasters went nuts and started creating URLs that were just way too long. All web sites should use only short and reasonable URLs with the path name part limited to no more than 12 characters. Shorter domain names and shorter email addresses would help, too.

urltea down

How ironic -- as of this writing, the urltea service is down. Slashdotted?

TinyURL in a web page?

Doesn't make any sense whatsoever if it's in an "A" tag. Can put any name on that anchor where people can click.

By the time one generates the tinyurl, one pasts it in the html code.

It's good for telling it somebody over the phone or in a hard copy document - the 6-something characters are much easier to copy off than the long links. That's short term use - anyone putting it in a web page is lazy and asking for trouble.

Sanity Check

Who are the primary users of tinyurl.com? Professionals? Corporations? No. Generally, it's a userbase very similar to the MySpace, YouTube, chat, and fan site userbases, and the world will not end if those links are broken. Well, except maybe for some nerds waiting in anticipation for the next batch of Britney Spears beach pics.

OK. So what if a corporation or government office is using tinyurl? Fire the IT staff. Do it now.

Last point. If you have a web host and you control the domain (or the path on the domain), it's rather easy to simulate tinurl. Example:

www.blahblahblah123.com/orders/products/listing/1/AYZHEKF/view.cgi?blah=blah&blah=blah&blah=blah&blah=blah.....

map to

www.blahblahblah123.com/1

use an Apache redirect, document.location = $url, or meta-refresh tag.

It's happened already

Currently, since a couple of weeks back, my previously favourite short-url service surl.se [surl.se] has been down.

Of course, that means that no short URL's handled by this service can be accessed anymore.

Compact URL Services As An AntiCensorship tool

These services are pretty useful for sneaking links past automated link censorship systems. The example I most commonly encounter is users who want to embed content on their myspace pages from sites like imeem.com [imeem.com], which is apparently such a threat to the myspace monopoly that you can't even mention the text 'imeem.com' on myspace. So people use it to make the imeem media players work on myspace (of course they have to use a service other than TinyURL because that's also banned by myspace for this reason). Now that's a pretty tame example, there are probably more important sites where the links get censored for information control reasons, so at least against one type of automated censorship the short URL services help strengthen the interner.

The solution:

Huge URL [hugeurl.com].

OMG!

What if a service starts sending a pop-up ad along with the redirect. What if the masked target links to a page with an exploit instead of linking to the new photos of Jessica Alba. Are services like tinyurl, urltea etc. taking the WWW towards a single point of failure?

What if the tinyurls start coming to life and jumping out of our computer monitors and strangling us? And then they recruit the help of Terminator robots from the future? And then the entire planet explodes due to death ray?

More seriously: As long as they work fine, people will use them. When they start not working fine, people will stop using them. That's all there is to it.