In association with heise online

25 January 2010, 14:07


When people click on short URLs from services like or, they don't always know where they'll land until they've actually arrived. The next generation of short URLs even go one step further.

To be honest, we have to admit that we completely screwed this up (there are those of you, of course, who have always known). We sacrificed usability before the altar of Google and the URLs for our stories and features have become increasingly unwieldy. A URL like, for example, is a monster that's not easily re-typed. Something like is much more practical. With a shorter URL, you can easily Twitter it, type it into your mobile phone or even spell it on the phone. And at least after opening the link you can see where you've finally ended up.

Zoom Maybe this is Sunbelt talking - but maybe not...
The ability to know exactly where you are online is now being taken from us by the next generation of URL shorteners, which show the original content only inside of an iframe. RSA security expert Aviv Raff, for example, regularly uses and gets retweeted by people like the security blogger and former Washington Post editor Brian Krebs. Cult science fiction author Bruce Sterling often uses the short URL service. What these two services have in common is that they both feature a proprietary bar above the content that allows for advertisements and other information. More importantly, however, the page is no longer displayed under its own actual URL, but rather under that of the short URL.

When asked about, Raff said with a grin that URL shorteners are, in any case, "bad by default". One would think that a security expert should know that the additional separation of a URL and the content has more than a just symbolic meaning. The URL in the address bar has full control over the content that appears below it. It can show the original content but it can also show something completely different. Even more evil, but equally as easy to do, is the possibility that the content may only differ slightly from the original.

The worst thing is, that we throw away the work of all those years were we told users to double check the URL in the address bar. And this time we don't even get something in return. Because services like and don't offer end users any noticeable advantage compared to ordinary short URL services like

Last, but not least to make a stand against this, we introduced our own short URLs for our articles that are used by @honlinenews and @honline. It is easy to see that they come from The H and they always lead to The H. For example the monster URL from above can be reached via

Juergen Schmidt aka ju

PS: Sorry, I couldn't resist it. Feel free to complain in the forum below. ;-)

Print Version | Permalink:
  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit