Innovation in the world of URL shorteners #matchurl.com

Innovation in the world of URL shorteners #matchurl.com

07.Oct.2021

 

The most popular URL shortening service, TinyURL , has become a household name for most internet users. The platform provides an easy way to create short links that redirect users to the content they are looking for. At first glance one might not wonder what could be improved upon in such a system: take a long URL and make it shorter by transforming it into an "easier" to use and remember (and type) format. However, deeper analysis reveals possible enhancements; this article will discuss three of those opportunities: user experience, link analytics and security .

 

 

1. USER EXPERIENCE

 

Typical URL shortening services store all traffic information on their servers, as well as link destinations (the long URLs). This means that the person who will be using and analyzing the link must be logged in to the service. Even if this is not a requirement, there has been no option for users to log out of their accounts or revoke access . This poses an issue when sharing links with others who might accidentally stumble into logging in and modifying shared data.

Because TinyURL uses randomly generated strings as short URLs, it does not matter how many times people share them: every time they go to Bit.ly/seo , they will get the same page. Therefore, it is relatively easy to build user-friendly systems on top of URL shorteners (such as Ifttt and bit.ly's new workflow) without having to worry about behavior after redirects . The TinyURL API also provides a way to get the destination of any TinyURL.

The original article has suggestions at the end, so I'll stop here.

Now, let's take apart each of these points in detail!

USER EXPERIENCE

Typical URL shortening services store all traffic information on their servers, as well as link destinations (the long URLs). This means that the person who will be using and analyzing the link must be logged in to the service. Even if this is not a requirement, there has been no option for users to log out of their accounts or revoke access . This poses an issue when sharing links with others who might accidentally stumble into logging in and modifying shared data.

"This means that... you must be logged in to the service. Even if this is not required, there's no option for users to log out or revoke access."

This statement makes it seem that Bitly doesn't let you sign out of your account. This is false. There are accounts for people who want more features but still don't need them, and there are anonymous bitly accounts . Anonymity can be revoked on demand so you can have a semi-permanent anonymous address if you wanted. The link above discusses some user experience enhancements, but fails to mention any alternatives or even provide screenshots showing what the current interface looks like. I didn't know what they were trying to show me as an example of "no way to log out."

"Therefore, it is relatively easy to build user-friendly systems on top of URL shorteners (such as Ifttt and bit.ly's new workflow) without having to worry about behavior after redirects . The TinyURL API also provides a way to get the destination of any TinyURL."

I looked into bit.ly's new workflows feature, but figured out that you can't use this for making applications yourself; only Bitly can make them . If you want an application (say, ifttt or anything else), there are some open source options like lmgtfy . These apps will automatically post things like their own statistics back to your service of choice (if they keep track at all). They're not designed specifically for URL shorteners, but they are much easier to make for this purpose than IFTTT.

"The TinyURL API also provides a way to get the destination of any TinyURL."

Yes. If you make an anonymous account or application that uses Bitly's API , you can create links and share them even if you're logged in somewhere else . It doesn't matter how many times people share them: every time they go to Bit.ly/seo , they will get the same page.

1) "Typical URL shortening services store all traffic information on their servers, as well as link destinations (the long URLs)." Wrong.

2) "Therefore, it is relatively easy to build-friendly systems on top of URL shorteners (such as Ifttt and bit.ly's new workflow) without having to worry about behavior after redirects." You can do this with any URL shortener, not just Bitly.

3) "The TinyURL API also provides a way to get the destination of any TinyURL." Yes it does. So does Bitly.

SECURITY

"Typical URL shortening services store all traffic information on their servers, as well as link destinations (the long URLs). This means that the person who will be using and analyzing the link must be logged in to the service."

Actually, they don't have to log in at all . For example: if you go directly to tinyurl and create your own TinyURL, you don't have to log in.

"This poses an issue when sharing links with others who might accidentally stumble into logging in and modifying shared data."

I don't think that's the case . The only way they could change anything is if you shared your password with them, which is never a good idea.

"This means that... you must be logged in to the service. Even if this is not required, there's no option for users to log out or revoke access." I explained this before, but for future reference: even registered people can use anonymous Bit.ly accounts , so it's not necessary for them to sign up at all. On top of that, there are other options like lmgtfy which are made for this purpose.

"Using an URL shortening service also means that you have to trust the owner of the service not to sell or share your data."

You don't have to use Bit.ly if you don't want to . There are alternatives, including at least one I mention in this article that is open source and can be hosted on your own server.

4) "A more critical issue arises when you try to log out from a service: instead of an instant log-out , there is no way for users  to verify whether they are logged in or not." You don't need  to verify anything because logging out would only delete session cookies (which immediately expire), but wouldn't actually change anything about your settings .

"There is no way for users to verify whether could trust the service or not, since there's no way to tell whether they are logged in or not."

You can just open it in a new tab. If you're logged in, the URL shortener will prompt you for login info and you won't be able to go any further (except by logging in). Do you want me to test this theory on my own site? Please do let me know if I'm wrong. "Thus, sharing links becomes awkward: when someone asks you for a link... you find yourself in a tedious process of opening the URL shortener, checking whether you are logged in and what data you have shared, and finally giving up on logging out."

"The lack of instant verification can be seen as a security risk : if someone gains access to your account..."

Incorrect. If someone gains access to your account , merely creating new links wouldn't damage anything. It would only change previous settings that you made. The only way it could cause any problems is if they deleted or changed existing links . "But let's say that nothing bad has happened so far: just imagine that one day, the people behind bitly decide to sell their business to some other ." This has already been anticipated . You can host the entire thing on your own server, which you could do right now if you wanted.

"You can continue to use bitly links as you used to, but this would mean that every link will also send the data of its destination to another company."

 

The most popular URL shortening service, TinyURL , has become a household name for most internet users. The platform provides an easy way to create short links that redirect users to the content they are looking for. At first glance one might not wonder what could be improved upon in such a system: take a long URL and make it shorter by transforming it into an "easier" to use and remember (and type) format. However, deeper analysis reveals possible enhancements; this article will discuss three of those opportunities: user experience, link analytics and security .

 

 

1. USER EXPERIENCE

 

Typical URL shortening services store all traffic information on their servers, as well as link destinations (the long URLs). This means that the person who will be using and analyzing the link must be logged in to the service. Even if this is not a requirement, there has been no option for users to log out of their accounts or revoke access . This poses an issue when sharing links with others who might accidentally stumble into logging in and modifying shared data.

Because TinyURL uses randomly generated strings as short URLs, it does not matter how many times people share them: every time they go to Bit.ly/seo , they will get the same page. Therefore, it is relatively easy to build user-friendly systems on top of URL shorteners (such as Ifttt and bit.ly's new workflow) without having to worry about behavior after redirects . The TinyURL API also provides a way to get the destination of any TinyURL.

The original article has suggestions at the end, so I'll stop here.

Now, let's take apart each of these points in detail!

USER EXPERIENCE

Typical URL shortening services store all traffic information on their servers, as well as link destinations (the long URLs). This means that the person who will be using and analyzing the link must be logged in to the service. Even if this is not a requirement, there has been no option for users to log out of their accounts or revoke access . This poses an issue when sharing links with others who might accidentally stumble into logging in and modifying shared data.

"This means that... you must be logged in to the service. Even if this is not required, there's no option for users to log out or revoke access."

This statement makes it seem that Bitly doesn't let you sign out of your account. This is false. There are accounts for people who want more features but still don't need them, and there are anonymous bitly accounts . Anonymity can be revoked on demand so you can have a semi-permanent anonymous address if you wanted. The link above discusses some user experience enhancements, but fails to mention any alternatives or even provide screenshots showing what the current interface looks like. I didn't know what they were trying to show me as an example of "no way to log out."

"Therefore, it is relatively easy to build user-friendly systems on top of URL shorteners (such as Ifttt and bit.ly's new workflow) without having to worry about behavior after redirects . The TinyURL API also provides a way to get the destination of any TinyURL."

I looked into bit.ly's new workflows feature, but figured out that you can't use this for making applications yourself; only Bitly can make them . If you want an application (say, ifttt or anything else), there are some open source options like lmgtfy . These apps will automatically post things like their own statistics back to your service of choice (if they keep track at all). They're not designed specifically for URL shorteners, but they are much easier to make for this purpose than IFTTT.

"The TinyURL API also provides a way to get the destination of any TinyURL."

Yes. If you make an anonymous account or application that uses Bitly's API , you can create links and share them even if you're logged in somewhere else . It doesn't matter how many times people share them: every time they go to Bit.ly/seo , they will get the same page.

1) "Typical URL shortening services store all traffic information on their servers, as well as link destinations (the long URLs)." Wrong.

2) "Therefore, it is relatively easy to build-friendly systems on top of URL shorteners (such as Ifttt and bit.ly's new workflow) without having to worry about behavior after redirects." You can do this with any URL shortener, not just Bitly.

3) "The TinyURL API also provides a way to get the destination of any TinyURL." Yes it does. So does Bitly.

SECURITY

"Typical URL shortening services store all traffic information on their servers, as well as link destinations (the long URLs). This means that the person who will be using and analyzing the link must be logged in to the service."

Actually, they don't have to log in at all . For example: if you go directly to tinyurl and create your own TinyURL, you don't have to log in.

"This poses an issue when sharing links with others who might accidentally stumble into logging in and modifying shared data."

I don't think that's the case . The only way they could change anything is if you shared your password with them, which is never a good idea.

"This means that... you must be logged in to the service. Even if this is not required, there's no option for users to log out or revoke access." I explained this before, but for future reference: even registered people can use anonymous Bit.ly accounts , so it's not necessary for them to sign up at all. On top of that, there are other options like lmgtfy which are made for this purpose.

"Using an URL shortening service also means that you have to trust the owner of the service not to sell or share your data."

You don't have to use Bit.ly if you don't want to . There are alternatives, including at least one I mention in this article that is open source and can be hosted on your own server.

4) "A more critical issue arises when you try to log out from a service: instead of an instant log-out , there is no way for users  to verify whether they are logged in or not." You don't need  to verify anything because logging out would only delete session cookies (which immediately expire), but wouldn't actually change anything about your settings .

"There is no way for users to verify whether could trust the service or not, since there's no way to tell whether they are logged in or not."

You can just open it in a new tab. If you're logged in, the URL shortener will prompt you for login info and you won't be able to go any further (except by logging in).

"This means that anyone who is using a shared computer, even if granted with full access rights, can use your account and see all of your data."

Really? Do you want me to test this theory on my own site? Please do let me know if I'm wrong. "Thus, sharing links becomes awkward: when someone asks you for a link... you find yourself in a tedious process of opening the URL shortener, checking whether you are logged in and what data you have shared, and finally giving up on logging out."

"The lack of instant verification can be seen as a security risk : if someone gains access to your account..."

Incorrect. If someone gains access to your account , merely creating new links wouldn't damage anything. It would only change previous settings that you made. The only way it could cause any problems is if they deleted or changed existing links . "But let's say that nothing bad has happened so far: just imagine that one day, the people behind bitly decide to sell their business to some other ." This has already been anticipated . You can host the entire thing on your own server, which you could do right now if you wanted.

"You can continue to use bitly links as you used to, but this would mean that every link will also send the data of its destination to another company."

 

We are social