<div dir="ltr">>
Except that: it still encourages people to use opaque clicks.<div><br></div><div>Agreed.</div></div><br><div class="gmail_quote"><div dir="ltr">On Mon, Oct 8, 2018 at 12:46 PM Tom Henderson <<a href="mailto:thenderson@extremelabs.com">thenderson@extremelabs.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<p>If you control a target in a domain of your own exclusive
control, then it's your responsibility. Presumably, nothing can be
altered in the delivery chain, nor are there any DNS listings
outside of your administrative control</p>
<p>In this case, it's likely safe.</p>
<p>Except that: it still encourages people to use opaque clicks. If
they mis-transcribe yours, then it's harmless, presumably. If they
use another URL shortener, then it's a dice roll. <br>
</p>
<p>Tom<br>
</p>
<br>
<div class="m_-6531533885213455895moz-cite-prefix">On 10/08/2018 02:15 PM, Ken Gagne
wrote:<br>
</div>
<blockquote type="cite">
<div>Tom,<br>
</div>
<div><br>
</div>
<div>If someone mistypes a YOURLS shortener, how is that going to
infect them with malware? I'm the only person authorized to make
shortcuts in the <a href="http://kgagne.com" target="_blank">kgagne.com</a> and <a href="http://gamebits.tv" target="_blank">gamebits.tv</a> domains. If the site
I'm linking them to (such as Computerworld.com or Moo.com) gets
hacked, then the user is going to get infected with or without a
URL shortener.<br>
</div>
<div><br>
</div>
<div>If you're saying the YOURLS software itself could be hacked,
how is that argument specific to URL shorteners? I wouldn't
advise someone not to have a Twitter account or a WordPress
website on the grounds it could be hacked and their brand
stolen.<br>
</div>
<div><br>
</div>
<div>-Ken</div>
<div><br>
</div>
<div>On Mon, Oct 8, 2018, at 1:51 PM, Tom Henderson wrote:<br>
</div>
<blockquote type="cite">
<p>Convenience at the price of opaqueness. <br>
</p>
<p>Ease of visual transcription for the plausible error of
doling malware.<br>
</p>
<p>Like most shortcuts, doesn't do the job if it infects
someone. A simple mistaken keystroke sends someone to the
unintended. No one mistypes stuff, right?<br>
</p>
<p>The brand might not be what you intended.<br>
</p>
<p>With all due respect,<br>
</p>
<p>Tom<br>
</p>
<p><br>
</p>
<div><br>
</div>
<div>On 10/08/2018 01:40 PM, Ken Gagne wrote:<br>
</div>
<blockquote type="cite">
<div>I use URL shorteners for a few reasons. A short link:<br>
</div>
<div><br>
</div>
<ul>
<li>is easier to remember and type, without having to look
up the original, long link.<br>
</li>
<li>is easier for someone to use if seeing it in a
presentation or a hardcopy handout.<br>
</li>
<li>takes up less space in print.<br>
</li>
<li>is better branding.<br>
</li>
</ul>
<div><br>
</div>
<div>However, I create my short links with <a href="https://yourls.org/" target="_blank">YOURLS</a>,
an open-source URL shortener that you install on your own
domain — no integration with (or dependency on) <a href="http://bit.ly" target="_blank">bit.ly</a>,
<a href="http://ow.ly" target="_blank">ow.ly</a>, or other third-party services. Some examples of links
I've created in it:<br>
</div>
<div><br>
</div>
<ul>
<li><a href="https://gamebits.tv/dox" target="_blank">gamebits.tv/dox</a>:
my Computerworld article about removing your profile from
data brokers.<br>
</li>
<li><a href="http://kgagne.com/moo" target="_blank">kgagne.com/moo</a>:
my referral code for Moo.com.<br>
</li>
</ul>
<div><br>
</div>
<div>I also used YOURLS to create <a href="https://a2.click" target="_blank">a2.click</a>, a URL shortener with
a frontend that anyone can use — but only if the submitted
URLs match my domain whitelist.<br>
</div>
<div><br>
</div>
<div>-Ken<br>
</div>
<div><br>
</div>
<div>On Mon, Oct 8, 2018, at 12:43 PM, Esther Schindler wrote:<br>
</div>
<blockquote type="cite">
<div>Are they still a thing? <br>
</div>
<div><br>
</div>
<div>I used to use them because they provided some level of
tracking click throughs. That went away.<br>
</div>
<div><br>
</div>
<div>I also used to use them back when Twitter counted all
the characters in a URL as part of its 140. That went away
too.<br>
</div>
<div><br>
</div>
<div>I’m not sure when/why anyone wants to use these any
more… even before the security vulnerabilites. <br>
</div>
<div><br>
</div>
<div>
<blockquote type="cite">
<div>On Oct 8, 2018, at 9:04 AM, Tom Henderson <<a href="mailto:thenderson@extremelabs.com" target="_blank">thenderson@extremelabs.com</a>>
wrote:<br>
</div>
<div><br>
</div>
<div>
<div><span><span>I can give you a long list of<span> </span></span></span><a href="http://ow.ly/" target="_blank">ow.ly</a><span><span><span> </span>shortened
URLs that will give you a malware dose the size
of Cincinnati.</span></span><br>
</div>
<div><br>
</div>
<div><span><span>ONE SINGLE MISTYPED character will
send a user into plain hell.</span></span><br>
</div>
</div>
</blockquote>
</div>
<div><br>
</div>
<div>--<br>
</div>
<div>Ipg-smz mailing list<br>
</div>
<div><a href="mailto:Ipg-smz@netpress.org" target="_blank">Ipg-smz@netpress.org</a><br>
</div>
<div><a href="http://netpress.org/mailman/listinfo/ipg-smz_netpress.org" target="_blank">http://netpress.org/mailman/listinfo/ipg-smz_netpress.org</a><br>
</div>
</blockquote>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
</blockquote>
<div><br>
</div>
<pre>--
Tom Henderson
ExtremeLabs, Inc.
+1 317 250 4646
Twitter: @extremelabs
Skype: extremelabsinc
</pre>
<div>--<br>
</div>
<div>Ipg-smz mailing list<br>
</div>
<div><a href="mailto:Ipg-smz@netpress.org" target="_blank">Ipg-smz@netpress.org</a><br>
</div>
<div><a href="http://netpress.org/mailman/listinfo/ipg-smz_netpress.org" target="_blank">http://netpress.org/mailman/listinfo/ipg-smz_netpress.org</a><br>
</div>
</blockquote>
<div><br>
</div>
<br>
<fieldset class="m_-6531533885213455895mimeAttachmentHeader"></fieldset>
<br>
</blockquote>
<br>
<pre class="m_-6531533885213455895moz-signature" cols="72">--
Tom Henderson
ExtremeLabs, Inc.
+1 317 250 4646
Twitter: @extremelabs
Skype: extremelabsinc</pre>
</div>
-- <br>
Ipg-smz mailing list<br>
<a href="mailto:Ipg-smz@netpress.org" target="_blank">Ipg-smz@netpress.org</a><br>
<a href="http://netpress.org/mailman/listinfo/ipg-smz_netpress.org" rel="noreferrer" target="_blank">http://netpress.org/mailman/listinfo/ipg-smz_netpress.org</a><br>
</blockquote></div><br clear="all"><div><br></div>-- <br><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><br>Patrick Corrigan<br>Email: <a href="mailto:phcorrigan@gmail.com" target="_blank">phcorrigan@gmail.com</a><br><div><span style="font-size:12.8000001907349px">LinkedIn: </span><a href="https://www.linkedin.com/in/patrick-h-corrigan-61669422" target="_blank">https://www.linkedin.com/in/patrick-h-corrigan-61669422</a></div><div><span style="font-size:12.8000001907349px">Member, Internet Press Guild </span><a href="http://www.netpress.org" style="font-size:12.8000001907349px" target="_blank">http://www.netpress.org</a><br></div><div><br></div><div>"For every difficult and complex question there is an answer that is simple, easily understood and wrong."<br> H.L. Mencken<br></div></div></div></div></div></div></div></div>