How to tell if a shortened link is secure in 2018

Martin Brinkmann
Dec 21, 2014
Updated • Feb 25, 2018

If you hang out a lot on social media sites such as Twitter or Facebook, you have encountered countless links that were shortened.

Shortened links are proxy links: they do nothing but redirect you to the real site when you click on them.

While that may make sense on Twitter with its artificial 140-character limit, it is a dangerous habit that has no real advantage other than reducing the number of characters displayed on the screen.

The danger lies in the fact that you don't know where a link leads you. A link like http://bit.ly/1pHtsqW reveals nothing about its destination and with that comes the danger that you get tricked into loading dangerous sites on the Internet.

Update: Firefox 57+ users may download and install Unshorten.link. The extension is compatible with Firefox 57 and newer, and expands and analyzes links automatically when you activate them.


Maybe you get redirected to a phishing website, a drive by download page, or a site that tries to attack you or your computer in other ways.


You can prepare your system for that to some extent. Security software may assist you and protect you from many dangers, for example, but there is never 100% protection against all threats.

The source

You can use the source as an indicator. Who posted the link? Is it a trustworthy friend, a company or an individual that you don't know at all or barely?

While that may help you most of the time, it should not be used exclusively to assess the potential danger of a shortened link.

A friend may send you a link that you don't want to visit for example. This does not necessarily have to be a security issue. Maybe you don't want to be rickrolled again, or hate it when friends send you "2 girls one cup" like videos.

Then there is also the possibility of hacked accounts. If a friend's account has been hacked, malicious links may be pushed by the attacker to all followers or friends.

Revealing the link target


The best option that you have is to reveal the target of the shortened link. While it is usually possible to visit the website of the URL shortener service and enter the short version there manually to reveal the link target, doing so is not practical.

That's where tools that assist you come into play. A search for Chrome extensions and Firefox add-ons yields a surprising result. While there are a handful of extensions available for Chrome that reveal shortened link targets automatically, there is not a single one available for Firefox that works.

The majority of add-ons for Firefox that reveal links date back to 2012 and earlier, and not a single one of them works.

Side note: There is still the possibility that an add-on exists for the browser but I was not able to find it on the official website. If you know of one that works, let me know in the comments.

Chrome users can select LinkPeelr for example which reveals link targets on hover. It supports a wide variety of services including t.co, bit.ly, is.gd or ow.ly to name a few.

So what can Firefox users use instead?

Firefox users can use a service like LongUrl instead. It is a web service that you can paste shortened links into to reveal their destination.

It is not nearly as comfortable as hovering the mouse over links but it is better than not being able to reveal a link destination at all.

The service maintained a Firefox add-on once but it has not been updated since 2009 and won't work in recent versions of the browser. The userscript too is not working correctly anymore.

An alternative to that is Unshorten which reveals the link target and displays Web of Trust ratings and whether hpHosts has blacklisted the url on the results page.

Now You: How do you handle shortened links?

Publisher: Ghacks Technology News

Comments

  1. ghastly said on December 24, 2014 at 12:31 am

    Here’s another site for url expansion: http://urluncoverpro.com/

    They also have browser addons and mobile browsing support.

  2. Diana L said on December 23, 2014 at 12:14 am

    In Firefox, I have Cool Previews… you hover over links and they open in a non-browser window.

  3. Gordon Hay said on December 22, 2014 at 8:00 pm

    I use the Unshorten.it add-on in Firefox, available here (also for Chrome) http://www.unshorten.it/browser-extensions

    It adds a link to the right-click context menu and opens a new tab with details of the destination, ratings etc.

  4. Karl Gephart said on December 22, 2014 at 5:50 pm
    1. Martin Brinkmann said on December 22, 2014 at 6:27 pm

      Will check, thanks!

  5. Jesper said on December 22, 2014 at 9:54 am
  6. Dwight Stegall said on December 22, 2014 at 4:15 am

    Link Peelr doesn’t work on Twitter. I believe it is because they convert all links short or long to their own link shortener. So it’s getting shortened twice.

  7. Tom Hawack said on December 22, 2014 at 12:47 am

    Not to mention shortened shortened links. I’ve even seen once a shortened shortened shortened link : before arriving to destination your journey was spotted three times. Nice tracking even if the destination is healthy.

  8. Redgrave said on December 21, 2014 at 6:37 pm

    Usually, shortened links posted on social media also show a preview so you can easily spot the website and then you’re pretty much able to tell if it’s a known website or some obscure one.

    Other than that, if you really have to open shortened links, let’s say having a friend that sends one (we all have those), opening it in a browser previously opened in Sandboxie, is also a good idea. Or, having the link scanned on Virus Total.

    Of course, before any of those, unshortening the link is the easiest and should be the first thing to do, probably.

  9. dan said on December 21, 2014 at 4:01 pm

    I browse with Sandboxie and don’t much mind where links take me anymore.

    1. tuna said on December 21, 2014 at 10:53 pm

      How is that working out for you since Tzuk left the building?
      Been meaning to follow up and see if the new owners have f’ed it up yet.
      Perhaps Martin could revisit an ol’ fav to see how it fares under the new leadership?

      1. dan said on December 22, 2014 at 11:24 pm

        So far so good, surprisingly enough. Fairly regular updates, and all continues to work well. Of course the new owners may have inserted a back door for their own nefarious purposes and I’m now surfing with a false sense of security . . . . ;)

  10. Henk van Setten said on December 21, 2014 at 12:41 pm

    In Firefox, I use the “URL X-ray bookmarklet”. Just Google for it.

    1. Stevey said on December 21, 2014 at 7:27 pm

      But how can you be sure a bookmarklet is safe?

    2. Croatoan said on December 21, 2014 at 1:04 pm

      I use it too :) I love it because it’s a bookmarklet and not an addon that can spy and use ram and cpu continuously.

  11. George P. Burdell said on December 21, 2014 at 12:19 pm

    My invariable policy is to never click on short links no matter where they may lead. Life is so full of other interesting things to do and to read, that mysterious unknowns can be rejected out of hand. I also immediately depart from websites that want to set cookies in my browser. This is my PC, where P=Personal. It is not available to be written upon or manipulated outside my personal control. If you click on links that take you to places you know not, you have a problem with your self-control being overwhelmed by your insatiable curiosity in the face of danger. If you crave adventure, click on Random Article in Wikipedia. It’s a lot safer, and sufficiently serendipitous.

    1. Ronald said on December 22, 2014 at 12:50 am

      The point is that you wrote, ” I also immediately depart from websites that want to set cookies in my browser. ”

      ghacks, like every website, does want to set cookies in your browser. Quite harmlessly, too. Whether you decide to block your browser from accepting cookies is another matter entirely.

    2. Ronald said on December 21, 2014 at 4:22 pm

      Name one website that does NOT “set cookies in your browser”?

      Why are you on ghacks? It sets cookies, too!

      I LOVE techno-illiterates bloviating, I really do.

      1. tuna said on December 21, 2014 at 10:55 pm

        “I LOVE techno-illiterates bloviating, I really do.”
        heh.

      2. George P. Burdell said on December 21, 2014 at 5:31 pm

        Dear Ronald,

        Although I got into computers in the 1950’s, and made my living at them in the 1960’s, I guess there’s always more for me to learn. For example, my browser setting for accepting cookies is not checked, and the browser does not now show any Ghacks cookies as being present. What am I missing here, Dear Teacher?

        If Ghacks required setting a cookie to access its quality content, I would put Ghacks on my list of exceptions voluntarily. Martin, Is this intemperate, dyspeptic Ronald fellow correct that you try to set cookies?

        GPB

      3. Martin Brinkmann said on December 21, 2014 at 5:34 pm

        Ghacks does not require cookies to be accessed. The commenting plugin sets cookies so that you can edit them, and there is Google Adsense which sets cookies as well. None are required to access the contents though.

  12. Dwight Stegall said on December 21, 2014 at 11:49 am

    I use TinyURLs preview link so people know where they are going before actually getting there.

  13. anohana said on December 21, 2014 at 11:28 am

    I very rarely use social media, so I don’t have this problem. However I found this script: https://greasyfork.org/en/scripts/5359-url-shortener-unshortener
    I tried it on Twitter and it works fine.

    1. Chains The Bounty Hunter said on December 22, 2014 at 6:15 am

      There used to be a great script that revealed the destination URL upon hovering over the shortened version. I’m sure there’s been a replacement (or multiple, as is the case with these things) but I’ve found myself not bothering to read any post with a shortened URL these days, no matter if it was posted by someone I trust or not.

    2. Yoav said on December 21, 2014 at 7:31 pm

      Thanks for the tip. I installed and it works fine.

    3. Ronald said on December 21, 2014 at 4:19 pm

      Yep, count me as another satisfied user of the “URL Shortener Unshortener” script for Greasemonkey.

  14. BKV said on December 21, 2014 at 11:21 am

    A custom add-on I made for myself on Waterfox then later PaleMoon quite a while ago.
    Based it off the Long URL Please add-on.

    1. interstellar said on December 22, 2014 at 2:12 am

      Can you share this addon with us?

      – Pale Moon 25.1.0 and FF 34
      – Ubuntu Linux 12.04 (32-bit)

  15. Tom Hawack said on December 21, 2014 at 10:41 am

    To unshorten a link (which I do quasi systematically) I use LongURL (http://longurl.org/) and feed it with the url via LongURL as a Firefox search engine.

    To shorten a link, TinyURL (http://tinyurl.com/ ) with always the preview option (preview.tinyurl.com/xxx) as a commitment to security and respect for the user.

    For Google Maps I make an exception for goo.gl in my Hosts file when basically this shortener is blacklisted.

    1. Mike Corbeil said on November 12, 2016 at 8:07 am

      It’s now 12 Nov. 2016, 1:57 a.m., and the longurl.org website either no longer exists or is just not loading for a reason such as server administration. I’ve tried it a few times over the past hour or more and the server isn’t found. I’ve tried to go to websites that occasionally wouldn’t load, their servers not being found, and I recall, vaguely but pretty surely, having gone to a few websites that had some server or servers down for admin. work, but a message was still provided to inform the visitor of the reason for getting nothing more service and how long it was expected for the service to be unavailable. Some of those messages said 2 hours and it wasn’t at this time of night. It was around 6 a.m.

      Since I’m getting no such message for longurl.org, I’m assuming that it has ceased.
