<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p>If you control a target in a domain of your own exclusive
control, then it's your responsibility. Presumably, nothing can be
altered in the delivery chain, nor are there any DNS listings
outside of your administrative control</p>
<p>In this case, it's likely safe.</p>
<p>Except that: it still encourages people to use opaque clicks. If
they mis-transcribe yours, then it's harmless, presumably. If they
use another URL shortener, then it's a dice roll. <br>
</p>
<p>Tom<br>
</p>
<br>
<div class="moz-cite-prefix">On 10/08/2018 02:15 PM, Ken Gagne
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:1539022554.496047.1534902832.50C6E5D0@webmail.messagingengine.com">
<title></title>
<div>Tom,<br>
</div>
<div><br>
</div>
<div>If someone mistypes a YOURLS shortener, how is that going to
infect them with malware? I'm the only person authorized to make
shortcuts in the kgagne.com and gamebits.tv domains. If the site
I'm linking them to (such as Computerworld.com or Moo.com) gets
hacked, then the user is going to get infected with or without a
URL shortener.<br>
</div>
<div><br>
</div>
<div>If you're saying the YOURLS software itself could be hacked,
how is that argument specific to URL shorteners? I wouldn't
advise someone not to have a Twitter account or a WordPress
website on the grounds it could be hacked and their brand
stolen.<br>
</div>
<div><br>
</div>
<div>-Ken</div>
<div><br>
</div>
<div>On Mon, Oct 8, 2018, at 1:51 PM, Tom Henderson wrote:<br>
</div>
<blockquote type="cite">
<p>Convenience at the price of opaqueness. <br>
</p>
<p>Ease of visual transcription for the plausible error of
doling malware.<br>
</p>
<p>Like most shortcuts, doesn't do the job if it infects
someone. A simple mistaken keystroke sends someone to the
unintended. No one mistypes stuff, right?<br>
</p>
<p>The brand might not be what you intended.<br>
</p>
<p>With all due respect,<br>
</p>
<p>Tom<br>
</p>
<p><br>
</p>
<div><br>
</div>
<div>On 10/08/2018 01:40 PM, Ken Gagne wrote:<br>
</div>
<blockquote type="cite"
cite="mid:1539020448.485823.1534860696.57112460@webmail.messagingengine.com">
<div>I use URL shorteners for a few reasons. A short link:<br>
</div>
<div><br>
</div>
<ul>
<li>is easier to remember and type, without having to look
up the original, long link.<br>
</li>
<li>is easier for someone to use if seeing it in a
presentation or a hardcopy handout.<br>
</li>
<li>takes up less space in print.<br>
</li>
<li>is better branding.<br>
</li>
</ul>
<div><br>
</div>
<div>However, I create my short links with <a
href="https://yourls.org/" moz-do-not-send="true">YOURLS</a>,
an open-source URL shortener that you install on your own
domain — no integration with (or dependency on) bit.ly,
ow.ly, or other third-party services. Some examples of links
I've created in it:<br>
</div>
<div><br>
</div>
<ul>
<li><a href="https://gamebits.tv/dox" moz-do-not-send="true">gamebits.tv/dox</a>:
my Computerworld article about removing your profile from
data brokers.<br>
</li>
<li><a href="http://kgagne.com/moo" moz-do-not-send="true">kgagne.com/moo</a>:
my referral code for Moo.com.<br>
</li>
</ul>
<div><br>
</div>
<div>I also used YOURLS to create <a href="https://a2.click"
moz-do-not-send="true">a2.click</a>, a URL shortener with
a frontend that anyone can use — but only if the submitted
URLs match my domain whitelist.<br>
</div>
<div><br>
</div>
<div>-Ken<br>
</div>
<div><br>
</div>
<div>On Mon, Oct 8, 2018, at 12:43 PM, Esther Schindler wrote:<br>
</div>
<blockquote type="cite">
<div>Are they still a thing? <br>
</div>
<div><br>
</div>
<div>I used to use them because they provided some level of
tracking click throughs. That went away.<br>
</div>
<div><br>
</div>
<div>I also used to use them back when Twitter counted all
the characters in a URL as part of its 140. That went away
too.<br>
</div>
<div><br>
</div>
<div>I’m not sure when/why anyone wants to use these any
more… even before the security vulnerabilites. <br>
</div>
<div><br>
</div>
<div>
<blockquote type="cite">
<div>On Oct 8, 2018, at 9:04 AM, Tom Henderson <<a
href="mailto:thenderson@extremelabs.com"
moz-do-not-send="true">thenderson@extremelabs.com</a>>
wrote:<br>
</div>
<div><br>
</div>
<div>
<div><span><span>I can give you a long list of<span> </span></span></span><a
href="http://ow.ly/" moz-do-not-send="true">ow.ly</a><span><span><span> </span>shortened
URLs that will give you a malware dose the size
of Cincinnati.</span></span><br>
</div>
<div><br>
</div>
<div><span><span>ONE SINGLE MISTYPED character will
send a user into plain hell.</span></span><br>
</div>
</div>
</blockquote>
</div>
<div><br>
</div>
<div>--<br>
</div>
<div>Ipg-smz mailing list<br>
</div>
<div><a href="mailto:Ipg-smz@netpress.org"
moz-do-not-send="true">Ipg-smz@netpress.org</a><br>
</div>
<div><a
href="http://netpress.org/mailman/listinfo/ipg-smz_netpress.org"
moz-do-not-send="true">http://netpress.org/mailman/listinfo/ipg-smz_netpress.org</a><br>
</div>
</blockquote>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
</blockquote>
<div><br>
</div>
<pre>--
Tom Henderson
ExtremeLabs, Inc.
+1 317 250 4646
Twitter: @extremelabs
Skype: extremelabsinc
</pre>
<div>--<br>
</div>
<div>Ipg-smz mailing list<br>
</div>
<div><a href="mailto:Ipg-smz@netpress.org"
moz-do-not-send="true">Ipg-smz@netpress.org</a><br>
</div>
<div><a
href="http://netpress.org/mailman/listinfo/ipg-smz_netpress.org"
moz-do-not-send="true">http://netpress.org/mailman/listinfo/ipg-smz_netpress.org</a><br>
</div>
</blockquote>
<div><br>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Tom Henderson
ExtremeLabs, Inc.
+1 317 250 4646
Twitter: @extremelabs
Skype: extremelabsinc</pre>
</body>
</html>