|URI Shortener Makes Partnerships To Protect Users From Malicious Links|
| 3:43 pm on Dec 1, 2009 (gmt 0)|
URI Shortener Makes Partnerships To Protect Users From Malicious Links [wired.com]
|Bit.ly, the service Twitter uses to shorten URLs to keep them under the service’s 140-character limit, announced partnerships on Monday with Verisign, Websense and Sophos that are designed to keep spam and malicious software off of the network. |
The partnerships should help solve a major problem with the service: that you don’t know where your browser will take you after you click on a shortened link, which makes Twitter the perfect potential hideaway for spammers, scammers, phishers and the like.
|Bit.ly’s new partnerships aim to solve that problem in three ways. |
Verisign’s iDefense service will screen IP addresses, domains and URLs based on its reputation database, to find those that “host exploits, malicious code, command and control servers, drop sites and other nefarious activity,” according to Bit.ly general manager Andrew Cohen.
WebSense’s ThreatSeeker Cloud will analyze the content on pages linked to through Bit.ly in real-time to identify and block “spammy URLs, malicious content and phishing sites.”
Meanwhile, Sophos rounds out the equation by analyzing the behavior of potential spammers to “go beyond blacklists, to proactively detect spam and malware.”
| 3:52 pm on Dec 1, 2009 (gmt 0)|
The invisibility of the destination URL is what I hate most about URL shorteners. Glad to see that Twitter is doing something constructive regarding it.
IMHO the only real solution to all those problems is not to use shorteners at all. But alas, with length limits on tweets they are a dastardly necessity. Hmm, or we could all just stop using Twitter... hahahaha LOL
| 4:36 pm on Dec 1, 2009 (gmt 0)|
Meanwhile, simple software like Power Twitter already exists that extracts the page title of the destination and exposes the full path in your browser. Additionally, Twitter itself could easily deploy this very same feature to any Ajax capable browser.
| 5:16 pm on Dec 1, 2009 (gmt 0)|
Or Twitter could reduce the url to some form of anchor text "Link" allowing the user to mouseover and view url.
| 10:20 pm on Dec 1, 2009 (gmt 0)|
Not doable when the user receives the message as an SMS; 140 is all there is. The user will select the short URL and that will in turn open their phone browswer to look at the web. There's no easy way to protect those users, unless their phone browser could display an interstitial page warning what the true URL really is and force the user to select proceed or cancel.
| 6:21 am on Dec 2, 2009 (gmt 0)|
There is also a Firefox add-on that does this: I do not use it because it is not compatible with Tree style tabs.
Also, I only even see these on Twitter, and anyone who sends me to a malicious site is going to be rapidly "unfollowed".
| 6:26 am on Dec 2, 2009 (gmt 0)|
|Not doable when the user receives the message as an SMS; 140 is all there is. |
The software that receives the message can query the URL and display the expanded version.
There is always software between the USER and the SMS so there is no excuse for not automatically expanding the URL in the device receiving the SMS to expose it's content.
Additionally, a simple setting PER USER could also require all tiny url's to go to the PREVIEW mode of the TINY URL service by default, lots of options.
| 6:43 pm on Dec 4, 2009 (gmt 0)|
Super glad to see this getting underway. I've been waiting for some huge malware issue to prompt this action, but I'm glad it didn't quite take that extreme of a problem.