This URL shortener situation is officially out of control
I saw a URL today on Twitter to an article on Slate.com. It was a custom short URL - http://slate.me/1h0svt8 but since I was visiting it via Twitter, it was wrapped with Twitter's t.co URL, so I really started at http://t.co/sxSvcJnT2L.
When I visited it for the FIRST time, I got this lovely HTTP interaction. That's SEVEN HTTP 301s, count them, 7, before I get to the destination page.
It would have been 8 redirects if I'd counted t.co as well. Note also that after it bounced around three of Slate's URL shorteners, it also goes through goog.gl as well.
- t.co is twitter's URL shortener that acts as a "safety gate" that allows Twitter to shut down a bad URL at the Twitter level. This means Twitter can stop malware faster, they say.
- trib.al is a URL shortener that provides marketing analytics. They are bouncing me around in order to set marketing cookies because it's the first time they've seen me.
- goo.gl is what you'd think it is, it's Google's URL shortener.
That's a lot of back and forth just to get me a a web page. And getting me a web page is kind of the most important thing the web does. Redirects are being abused and I don't see any work happening in HTTP 2.0 to change it.
The second request to the same URL is better, but still frustratingly indirect.
Every redirect is a one more point of failure, one more domain that can rot, one more server that can go down, one more layer between me and the content.
Oh, and just to be obnoxious, I've created http://hnsl.mn/thisurlisverysmall to make the point. Tweet it!
If you prefer long URLs, you can also get to this post from
What do you think?
Sponsor: Big thanks to Mindscape for joining us and sponsoring the blog feed this week! I discovered Raygun.io and started using it for my side project and I LOVE it. Get notified of your software’s bugs as they happen! Raygun.io has error tracking solutions for every major programming language and platform - Start a free trial in under a minute!
Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, consultant, father, diabetic, and Microsoft employee. He is a failed stand-up comic, a cornrower, and a book author.
I have always disliked shorteners because of the lack of transparency, "what" exactly am I clicking on etc...
You used to be able to paste in a link and see it get shortened automagically according to your settings. When I didnt see that happen, I was tempted to use me goo.gl extension on browser bar but refrained..
Sometimes it's worth it, but other times it sure isn't.
Oh, and you're always worth it.
I often play with the idea of a browser extension that resolves all of these for you when they appear on the page, then caches them. This wouldn't do much good for one person, but sharing that cache among all users could. If there were enough users, the metrics on these redirects would go way down, making them much less useful. Then maybe people would stop using them. Of course, that's just a new single point of failure. If it was hacked, you would have a nice place to inject some bad redirects. Ugh.
For twitter specifically, they solved the problem with the short-sighted solution adopted from the community where there was only the same short-sighted option. That is, instead of adopting an official url shortener, twitter should have allowed links to be added as metadata on a tweet. That way, it takes up no space in the message itself. That's the real solution that they should have adopted.
Then you could run an analytics campaign and use less characters than a shortened url.
This would be cute if it were the only time you'd use hnsl.mn, but considering you use it for all of your links it's just plain hypocritical.
Ninju - Thanks, fixed.
Adam - I should have him on the show. Good looking out.
So why criticise others?
The malware excuse is lame, they could scan the URLs anyway if they really wanted to do that.
The other reason for these short URLs are mobile phones, but banning the redirectors there would be only beneficial. They are a very common vector for various frauds here - e.g. you get a message saying that you have received an MMS with a link to go read it. That redirects to another page saying you have a voicemail (??) containing another link. And the last one is, surprise, tel://xxxx to a very expensive premium number ...
OK, the browser extension would generate traffic by it's own, but it could be worth it ("saving 20 billion redirects every day, and counting...")
Columbia, then three round-trips between Albania and Montenegro, and then to Greenland, with Mongolia and Libya in the mix too.
Metrics come from a link tracker. Most of these are link tracking. Marketing wants to know what you are clicking.
Do they redirect to the same host several times in a single request?
How can it protect you from a shortened URL when a URL shortener is effectively abstracting twitter away from the aqctual content.
consider the response if twitter were to check that URL ...
301 "http:// new url"
That's not helping anyone protect against malware!!!
I also wonder if part of the problem in europe is this new EU cookie directive that states you must make a mess of your web page if tracking anyone with a cookie, some of these redirects may just be "some user at IP xxx clicked link yyy" purely to get marketing stats.
Another example of politicians making technical decisions without understanding the problem !!
This handy helper has now been subverted to the dark side.
I "get" the multiple points of failure aspect. But, if the load performance hit is not noticeable to the average user, who cares?! The marketing machine bean counters are going to count their beans so the content (which we assume has some value) is going to be paid for.
Because she's being trained to click on links without knowing where they lead. And eventually one will lead to malware.
URL Shorteners are quite annoying also if they didn't have any preview functionality.
The internet is getting worse day by day...
officially out of control - Scott Hanselman < Liked it!
Just realised why my ISP is blocking links from twitter t.co url.
One workaround, in Chrome browser right click the t.co link to show the direct link
Now I think I will stick with putting the full URL in twitter.
Comments are closed.