Using URL Shorteners

We’ve all seen URLs shortened by and its cousins: Unwieldy juggernauts like reduced to tidy morsels like

Who doesn’t enjoy that? It’s cleaner! Efficient! More user-friendly!

Information security pros, that’s who. Why? Because it’s opaque.

How did you know that clicking (if that’s how you got here) was going to bring you someplace that’s safe to visit?

In our efforts to improve users’ online safety through education, we often preach “Know Where You’re Going” — in other words, find out where that link’s going to take you before clicking it. Use of these URL shorteners necessarily defeats this simple technique. Because of this, it’s hard to know whether points to the conference registration link you wanted or some scammer site claiming that you can log into the conference reg site with your UVM Webmail credentials. And even if the user is savvy enough to spot the fraud based upon the Address bar contents when their browser finally comes to rest (“Hey — that says…”), how many drive-by malware sites did they visit to get there?

It’s impossible to know from

Still: Cleaner! Efficient! More user-friendly!

Fortunately, the fantastic folks of ETS SAA have come up with an answer that reduces the risks somewhat: will happily shorten your links for you, and your users can breathe easier (especially once the information security people have made them hyperventilate over URL shorteners) because every URL can be traced back to a UVM NetID.

(Astute readers will, no doubt, point out that this doesn’t prevent a UVMmer from defrauding Internet users through a URL. And that’s a fair assessment. But information security is a game of reducing exposure to risks rather than eliminating them altogether. Sad, but true.)

THIS JUST IN (2 October, 2013): Adding a tilde (~) to the end of your shortened URL will cause the user to make a quick stop by a small page on which explains where they’ll be taken. This nicely addresses the apparent hypocrisy inherent in this article. Try it for yourself by visiting UVM’s IT security site using these two links:

So please feel free to Shorten the Internet! Just use when you do it! And if you have questions, please let us know.


Sam Hooker, for the Information Security Operations Team

Comments are closed.