In short, stop using brief URLs

URL shorteners were all the rage about 15 years ago. The reasons for them were extensive and varied. Email programs had bad limitations at embedding or wrapping pasted URLs, and a URL longer than 70 or 80 characters might break. Some characters didn’t encode properly. Marketers wanted you to click on a link that hid tracking codes—or even type in a very short URL from printed material or a TV ad.

Oh, and text messaging cost by the message, was expensive and limited, and URLs could wrap across more than one message. Even when the message went through, any phone that could open it up used a terrible browser before the iPhone and a handful of Nokias. (Remember WAP, anyone?)

Frankly, it often seemed hard to transmit a long URL to someone in a form they could easily open. Those days are gone, yet short URLs remain. It’s time for them to die except in sparing circumstances: When a site uses them solely to redirect traffic within its site or via trusted partners (some of whom we may choose not to trust, however).

Encoding arbitrary URLs via shorteners leads to heartbreak of rickroll, but also to the potential exposure to risk you can’t anticipate.

I was thinking of how outdated short links were on January 25 when a Safari-crashing bug was hosted at a website and people were “amusingly” passing around a link to it—hidden with a link shortener. Many tiny URL services hook themselves into malware and spam identification systems, so that if a destination has known problems, the links don’t resolve. But there’s enough time for harm when they first spread.

You should never click on a link if you’re not sure where you’re going to wind up. With normal links, you can make an educated guess and may be proven wrong, if it’s not a URL you know. (And I may be rare in hovering over links before I click to ensure I know where I’m winding up. If you don’t see them, go to View > Show Status Bar in Safari for OS X.)

Many sites and social networks employ link shrinkers to obscure the destination and allow tracking when people click. This is especially the case with affiliate and advertising networks, though their links aren’t always short—just obscure.

You can unwrap short URLs at sites that pursue all the redirects and give you the final destination. (See LongURL and CheckShortURL, for instance.) But that’s a pain, and I imagine most of you aren’t going to do such a thing in general, just for specific cases.

What can you do about this? Not enough, I’m afraid to say, because redirection is embedded in the basic structure of the web. However, you can install extensions or plug-ins for most browsers that will automatically unwrap and reveal where short links wind up, most of them using recipes from LongURL.

The outdated-but-still-functional Ultimate Status Bar was last revised for Safari 7, but still works with today’s version 9. Install it and make sure to hide Safari’s status bar (View > Hide Status Bar if it’s showing). Then, whenever you hover over a shortened URL, the Ultimate Status Bar will show the short URL and quickly resolve it to the long one, as well as provide information about the destination page or file. Similar extensions for Firefox and Chrome can be found, though also out of date.

Ultimately, we should put pressure on companies and sites that continue to use short URLs for anything but intra-site links or sites with which they directly interact. Many people and organizations keep using them to collect stats about clicks, but the potential for misuse has been so high for so long, it’s time to get short with condensers, and expand upon why they should stop.