i'm still waiting for malware to propagate by a shortened url that goes to a legitimate site, builds up credibility (retweeted, etc.) and then is swapped out on the shortening site to start redirecting to a different page that looks like the original but does some drive-by download or exploits a zero-day vulnerability.

there would be hundreds of inbound links pointing to it coming from trusted sources, and could even use a legitimate shortener like bit.ly but just make the bit.ly link direct to some other shortener that nobody would notice (because the browser redirection would happen so quickly), then do the switch at that second shortener.

Or maybe do the same with some kind of internet forum where people blindly click on the links.

Or do the same thing with the link to your 'awesome' blog post... Or change the IP on your ___domain/subdomain to point somewhere else...

Phishing has never been more fun!

Anyway, here's my feeble attempt: http://mug.gd/96W

This is why you should use images for titles: http://mug.gd/QSEu

spatial points?

Eh, I couldn't think of anything clever for points. (I did say feeble...)

ah, I just thought the "uninteresting" part was the mug and spatial points was some HN greasemonkey feature you had...

Oh, there's a lot more I changed than that.

Can't you just look at the ___location bar and see that the url is still mug.gd?

Or is this a joke and I missed it?

I think the idea is that a lot of these url shorteners now also include their bars on top.

exactly.

We can, normal users probably still don't know that.

Oh man, that came at a good time.

The previous HN story is "Korea's Internet Is Mired in a Microsoft Monoculture (chosun.com)" so I did a URL shortener substituting [company] for "Korea." The only problem was that I could not selectively substitute for both "Korea" and "Korean" (I tried ordering them, didn't help), so Korean became [company]n.

Mug.gd doesn't say how long the shortened url lasts, so I hope my gentle readers click the link before it rots. :-/

Can you recursively mug a mug.gd link?

they are also bad in that if one goes out of business or loses their database all the links on the web that use the shortener stop working forever

I think this is the best point against URL shorteners.

I'll second that. The whole point of the internet (at least as I see it) of linking relevant documents together is pretty much lost when those links are fragile shortened urls. Maybe if there was a markup, similar to the img alt tag, that allowed you to say "Here's the short one, if that doesn't work, here's the full one".

The real issue, as I see it, is that people solved the wrong problem. I see this a lot at my new job, where they created bigger problems for themselves by asking the wrong questions and therefor solving the wrong problem. Isn't the main reason people use shortened URLs so that they can link to things on sites like Twitter where every character counts? If that is the case then the real problem isn't that URLs are too long, it's that Twitter counts them against you, instead of allowing people to put actual hyperlinks (you know, <a href="xyz">Title</a>) in their tweets. If the only part that counted against your character count was the Title section then we wouldn't have this problem. They could even simplify the markup somehow to make it more user friendly then actual HTML.

If I've misunderstood the problem that URL shorteners are trying to solve then I apologize for my off the mark rant.

Thanks Mark

Mark I think the problem is the 140 character limit.

The HTML markup would be included in that. Twitter takes a website address and turns it into a link when it is displayed on their website.

But if a Tweet is sent via a mobile phone, they are limited by the 160 (I think that is the SMS limit). So HTML markup counts.

Which is why using a shorter URL is key.

Wait, you're telling me that "the best new protocol" and "the future of the internet" is being held back by the telcos, the most hated, slow moving, bureaucratic companies on earth?

Sounds like we need push email.

The real reason why people use URL shorteners is because they can instantly track how many people have clicked on their link.

For PR2.0 whores, it's addictive.

Twitter's 140 character limit was just the original excuse. Now everyone who is selling stuff loves the ability to track every click and see how their propagate over the "social graph". If they could, they'd force you to install a Firefox plug-in so they know what you are looking at and why you didn't click on their link...

That makes sense, in a weird, twisted, PR sort of way.

I think it's the same as the argument against URLs -- anything you link to may end up going away in the future. Hasn't destroyed the Web yet.

Yes, but when a shortener dies, neither the linker nor the linkee can fix the problem, making the problem worse.

When the linkee dies, the linker can't fix that either (short of linking to, say, archive.org -- which works regardless).

The linker can inspect a direct link to see where it was pointing, in order to find it on archive.org or to contact the linkee and notify them the link went down. If a shortener goes down, the linker only has the obfuscated url, and has to rely only on their memory to redirect the link.

Not all are evil, try Hapylink at http://hapylink.com

Trust is a powerful thing. You can get a lot more done when you have trust. It would be a shame to break that trust for no real reason other than it seemed like a clever idea at the time.

The trust you speak of is an illusion. Security through obscurity at best.

I would rather warn of the dangers.

Trust is a risk. Illusion really isn't an appropriate term.

Although in this case it's a somewhat peripheral issue, I realize there are other issues.

I noticed that one URL shortener is engaging in massive Cookie Dropping, as soon as you click on a link you add 50 affiliate cookies ... nice business modell, not so nice service

Which one?

Use Firefox's extension LongURLPlease http://www.longurlplease.com/ and bring some sense into all these tweets

now that's a neat plugin. Wish i'd be for chrome too, though. Nice anyway :)

Beaten with their own weapons:

http://mug.gd/l5g1W

I just made them an awesome and fun URL shortening service!

http://mug.gd/IUyt0

Amusing example :) I wasn't aware just how many posts on TC are about Twitter.

Yeah, I picked that because no matter what time of day or week you look at the site, there is /always/ a Twitter post on the front page of TC.

I have always been hesitant on clicking shortened URLs. I have trust issues. It's almost like a box of chocolate, you never know what you're going to get!

Then it is time for you to use a safe URL shortenner: http://safe.mn/ :-) IE, these URLs could lead to a "dangerous" website, but you are warned before reaching the final destination: http://safe.mn/-M http://safe.mn/WP http://safe.mn/TU http://safe.mn/Te

This is a mighty strange time and place to be pitching a URL shortening service.

No publicity is bad publicity!

I dislike URL shorteners because they increase the chance of link rot. mug.gd doesn't prove they are evil though - it proves that links are evil.

very good point. That is basically what I am after... they hide the true origin and intent when they hide the content in an iframe.

Isn't it a bad idea to retrieve any url since then an attacker could use this service to sql inject without leaving his IP on the victims log?

Meh. There are plenty of open redirects out there anyway, and using one you made yourself has the disadvantage that you'll be visible in the Referrer logs.

I'd imagine most of these services just do GETs, which negates most of that possibility.

"URL Shorteners are evil"

That's why I always use http://www.hugeurl.com/

I am partial to http://urlshorteningservicefortwitter.com/

Astoundingly, twitter isn't anywhere on TechCrunch. Sign of the end of times, right?

Cool idea, terrible implementation

What do you dislike about it? I know its not the best, and would love critical feedback on how it could be better.

It immediately displays a bar at the top of the altered page making it too obvious

I was going for obvious. There is (currently) a way around that. I say currently because I have updates to fix it.

I know this would be a "fun tool" for some people to play jokes and pranks on other people, but cannot in good conscious let that happen without /some/ level of indication.

madlibs anyone?