Insights For Success

Strategy, Innovation, Leadership and Security

TinyURL

Turn your legit link into a scary one

General - Edward Kiledjian

When Google finally shut down its Goo.gl shortening service, I wrote an article about the best alternative URL shorteners. 

Security specialists cringe at these services because they can often be used to hide attacks, and because brute forcing them (using a program that tries to find valid links automatically) can usually turn up classified or confidential information. If you are interested in this type of research, check out the academic paper "Gone in Six Characters: Short URLs Considered Harmful for Cloud Services."

The TL;DR is that shortened URLs can be scanned using automation, and doing so reveals a ton of Microsoft OneDrive accounts storing private information (most unlocked). Knowing that these files are automatically downloaded (most of the time) to the user's PC through synchronization, a threat actor can weaponize them. The researchers also discovered location information such as driving instructions for specialized medical services, prisons or adult establishments.

Make that link scary

None of these valid concerns is the reason I wrote this article though. The purpose of this article is to take legitimate links and make them scary (at least for tech-savvy recipients). 

The purpose of VeryLegit is to take good links and make them scary (without actually being dangerous of course).

When asked how the service works, the humorous authors deliver this little gem:

Due to rapid advancement in dark ritual technology, the programming community has streamlined the development and deployment of unspeakable eldritch horrors. Using robust open-source libraries like a sack of live geese, websites like this one can be developed with far more efficient sacrificial rituals than ever before. We’re still stuck on the version with really inefficient sacrifical rituals though, due to comp͆aͭatib̊i̼͕l̈̿i̮̜t̚y̅ ͊i͋s̾s̢͈͠u̶e̛̊s̼̃.
— verylegit.link

Let's try it

1 - You copy a link, like my article about Google Tasks: "https://www.kiledjian.com/main/2018/4/25/google-launches-new-tasks-app-mobile-web"

2 - You paste it into the magical input box

3 - You click on Make it look dodgy

4 - You copy the scary-looking link (http://ctf.verylegit.link/+javaexploit_970speedupurpc!!install-now!!java0day.docm.js.pdf) and voila. Scare the pants off a tech-aware friend.

The link still redirects you to your original link; it only adds lots of scary extensions typically used by scammers and Nigerian princes wanting to give you millions of dollars.

So welcome to Monday, time to have some fun.

Best URL shorteners

General - Edward Kiledjian

URL shorteners are something you either use a lot or never. Google launched its own URL shortening service in 2009 with unique (at the time) features like third-party API access, QR code generation and easy use on mobile.

But Google is retiring this public-facing service and replacing it with Firebase Dynamic Links (FDL), accessible by developers only.

This is not surprising since Twitter retired Deck.ly when it acquired TweetDeck.

If you have links, Google is giving you until March 30, 2019, to figure out what you are going to do (even though you will lose the ability to create new short links on April 13). 

What are the best Goo.gl alternatives?

1 - Bit.ly

The first alternative has to be Bit.ly, which is one of the most popular URL shortening services on the internet and one of the oldest. You create an account and then generate short links as required (you can also choose a tag to group your URL).

Bitly allows you to create custom branded short URLs, which is excellent for marketing. 

2 - Ow.ly

Hootsuite runs a service called Ow.ly. Ow.ly offers all of the features of Bit.ly but integrates with HootSuite. So if you use Hootsuite to manage your social media presence, this could be the best option for you.

The big difference is that Bit.ly allows you to quickly shorten a link from their main webpage without having to sign up, whereas Ow.ly does not.

3 - rebrandly.com

Many lists include Firebase from Google, but I am omitting it since it is only designed for use by developers in apps (not useful for the average Joe). My last recommendation is Rebrandly.com, which offers custom URL shorteners. Many large cloud companies are Rebrandly customers (such as Microsoft, Dropbox, etc.).

Before you get scared and look away, they offer a free tier that will meet the needs of most users.

Conclusion

A URL shortener is a service that you will rely on for years, and I have presented the companies (services) that look to be the most stable. Remember that when the service disappears, your links break, which could wreak havoc on your social strategy.

LongURL shows what's really hiding behind that short URL

InfoSec - Edward Kiledjian

A technique used by hackers is hiding a malicious URL behind a URL shortening service like Goo.gl, TinyURL or the automatic shortening done by Twitter using the t.co address. There are plug-ins for most browsers that show the actual URL; however, you may not want to install another browser plug-in (that may compromise your security or slow down the browser).

LongURL performs this function without having to install anything. 

1. Go to LongURL

2. Enter your short URL

You immediately get the title, short URL, how many redirects they have seen to that address and the long URL. I tried the service with about a dozen different shortened URLs (from different providers and to different web sites) and the screenshot never seemed to appear.
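
The same kind of check can be done locally for both cases on this page, the shortened link and the VeryLegit-style scary link: walk the redirect chain one hop at a time and look at where it ends before opening anything. This is an added example, not LongURL's code and not part of the original posts; `expand`, `head_location`, `fake_fetch`, the `short.example` host and the 302 status in the constructed table are assumptions made for illustration.

```python
import http.client
from urllib.parse import urljoin, urlsplit

REDIRECTS = (301, 302, 303, 307, 308)

def head_location(url, timeout=5):
    """One HEAD request, redirects NOT followed: returns (status, Location or None)."""
    parts = urlsplit(url)
    https = parts.scheme == "https"
    conn = (http.client.HTTPSConnection if https else http.client.HTTPConnection)(
        parts.netloc, timeout=timeout)
    try:
        conn.request("HEAD", (parts.path or "/") + ("?" + parts.query if parts.query else ""))
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()

def expand(url, fetch=head_location, max_hops=10):
    """Walk the redirect chain hop by hop; the body of the target is never downloaded."""
    chain, flags = [url], []
    while True:
        status, location = fetch(chain[-1])
        if status not in REDIRECTS or not location:
            break
        nxt = urljoin(chain[-1], location)      # Location may be relative
        if urlsplit(nxt).scheme not in ("http", "https"):
            flags.append("non-http target: " + nxt)
            break
        if nxt in chain:
            flags.append("redirect loop")
            break
        if len(chain) - 1 >= max_hops:
            flags.append("too many hops")
            break
        if urlsplit(chain[-1]).scheme == "https" and urlsplit(nxt).scheme == "http":
            flags.append("https to http downgrade")
        chain.append(nxt)
    return {"final": chain[-1], "hops": len(chain) - 1, "chain": chain, "flags": flags}

# Constructed responses so the example runs offline (not captured traffic; 302 is assumed).
SCARY = "http://ctf.verylegit.link/+javaexploit_970speedupurpc!!install-now!!java0day.docm.js.pdf"
ARTICLE = "https://www.kiledjian.com/main/2018/4/25/google-launches-new-tasks-app-mobile-web"
FAKE = {SCARY: (302, ARTICLE), ARTICLE: (200, None),
        "https://short.example/a": (301, "/b"),
        "https://short.example/b": (302, "https://short.example/a")}

def fake_fetch(url):
    return FAKE.get(url, (404, None))

if __name__ == "__main__":
    print(expand(SCARY, fake_fetch))
    print(expand("https://short.example/a", fake_fetch))
```

Calling `expand(url)` without a second argument uses real HEAD requests. Redirects performed by JavaScript or a meta refresh tag are not visible to this approach, and some servers answer HEAD differently than GET.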