Hey, you know what's awesome?
It's awesome how on #Mastodon you click a link and it's actually a proper link and not a click-tracking URL shortener!
(A cool feature would be to actively un-shorten things when people post shortened links... but things are already awesome, even without that... and maybe relax the toot length constraints for links so people aren't tempted to use them.)
Now, just to Devil's Advocate myself...
Did you know there are cases where URL shorteners are actually beneficial to user privacy?
Browsers usually tell the sites you visit, where you came from (the referrer). If the site where you found the link is in any way private - e.g. a corp web-mail, or your Very Secret Mastodon Lurker Identity - then leaking the contents of your URL bar to the remote site is a privacy issue.
URL shorteners can prevent that leak.
...#infosec gets complicated fast!
... that said, URL shorteners are still mostly horrible.
If you are concerned about referrer leakage, browsers that respect their users (Firefox at least, see about:config network.http.referer.*) will allow you to disable that "feature."
It's sadly one of those things that is insecure and un-private by default, but the Internet came from a culture of trust and naivety, and that's still apparent all over the place.
Referer-Policy pretty much knocks that out though.
You can even do a fine-grained policy like "origin only when viewing a private page, otherwise full URL but only over https"
@HerraBRE That's a problem with the browser though, shorteners just incidentally fix the bug.
@HerraBRE Another big issue with URL shortneners is that they make the web harder to archive. Once the shortener shuts down, the link is useless.
@HerraBRE I think part of the reason why they're using URL shorteners is not only to avoid referer leaking, but to avoid directly linking to 'suspicious*' domains, possibly losing search engine ranking or worse - also becoming flagged as such.
Means t.co instead of twitter.com is going to lose it's ranking.
@pl Twitter are definitely using the shortener just to collect stats about clicks.
I'll print out this toot and eat it with peanut butter and soy sauce if I'm wrong about that!
I also suspect Twitter are confident enough in their brand that they don't worry too much about search engine ranking these days.
Other sites might though, so you still make a totally valid and interesting point in the wider context. 😄
@HerraBRE Indeed! Btw. for the harvesting stats I'd expect/prefer a 'transparent' URL redirect as you can see in Google search results (target URL is a URL encoded URL).
Indeed, for twitter it's probably a no-issue.
Oh, just came to the conclusion I should visit the Wikipedia page https://en.wikipedia.org/wiki/URL_shortening#Shortcomings and I'm not disappointed. :smile:.
@HerraBRE I believe there is an HTTP response header that is a more robust solution to this threat model.
@alcinnz There is now! It's a relatively recent development, I think.
People have been closing all sorts of holes like this over the last few years, which is fantastic.
@HerraBRE In return, the URL shortener service gets a very good view on how many people are going to a destination, and from where, and you have another service sucking up usage information. Probably doesn't need much additional data to deanonymize at least some of the users passing through, even if it's not directly connected to one of the big identity providers (like goo.gl was).
I have that on my toolbar. Bad idea?
@gemlog That depends on what you're using it for, right?
You're telling TinyURL about every visit to that page, so they can track that. That is almost certainly their business model.
Maybe that's fine? Maybe having a short URL to share is worth that.
I'm mostly glad that when I hover over a URL, I know where it is going. Shorteners obscure that and I find that very uncomfortable. If you're linking to the Daily Mail I want to know so I can not click. 😉
@HerraBRE I rarely link or click to the mail. it's fine as long as you don't think it's a news site ;-)
I have thought of making my own hash to run at home at least.
Sandstorm instances have really long names. I suppose for particular instances, I could just made a new subdomain point to it, but for random internet sites...
I suppose extremely very few ppl go to my tinytinyrss site on sandstorm. It's mostly for me to have something typable that I can remember.
@HerraBRE I'm having a look around for something i can host for myself. I never really thought about it until your post. I'm notoriously trusting and I've been using tinyurl for years :-( Just a hash table in my small pea-size brain.
@gemlog I remember when TinyURL was a super cool innovation. It was!
I don't think it's universally bad.
For me the deciding factor tends to be: are you given a real choice? Platforms like Twitter which force t.co on you even if you've already used another shortener are not giving you a choice: they are abusive.
Something like bit.ly or tinyurl... as long as you are aware of what the score is, you can make choices and use or not use as you feel is appropriate.
@HerraBRE I'm reading here: https://github.com/mathiasbynens/php-url-shortener/blob/f64ee342246fa5bf0340641372680a2d398afc79/database.sql#L10
I could host it myself and it only counts hits.
Mind you, it's the first one I've looked at. I'll keep reading.
@HerraBRE Of course, it may shout out when it stores something. I have to read the code. Now you have me paranoid about shortners ;-)
@gemlog I once wrote a shortener in about 10 lines of Perl.
I added things to it by editing the source by hand.
Oh look, it's still there... still works.
But none of the links are interesting to me anymore.
@HerraBRE I totally believe you. When I first learned some perl I thought "Wow! This is even better than Rexx!" which was my fav at the time. A few months later I became a classic ex-perl guy when I couldn't read my own could easily, because I used so many "cool" shortcuts :-(
With the exception of my sandstorm rss url, they are throw-aways that I just use for a single email or masto post.
a) fill my brain with this specialized information that only applies to TinyURL.
b) copy paste all links and edit them before viewing.
c) still tell TinyURL that I am interested in the link (tracking).
None of those are even remotely reasonable things to expect of a person surfing the web.
@cucumber_demon You're calling me weak. I will refrain from responding with an insult in kind.
I'm human. I have WAY better things to do with my brain cells than memorize crap like that. If you fill your brain with junk, that's what your brain will be full of. Human capacity is finite. No thanks!
Techies constantly expecting users to memorize garbage like this is one of the biggest problems with tech.
Generalistic and moderated instance. All opinions are welcome, but hate speeches are prohibited. Users who don't respect rules will be silenced or suspended, depending on the violation severity.