Information leaking from URL shorteners
With the rise and rise of Twitter, the practice of shortening URL links has become increasingly common. But why shorten a URL when outside of the 140 character length imposed by Twitter?
Simple: Analytics.
Instead of linking direct to a site, you can use a service such as bit.ly to shorten the URL. It will then provide interesting analytics on the number of clicks you’ve received on the link, from which locations, whether anyone has on-tweeted the link, and so on.
This is useful information, especially when running advertising campaigns for clients as it makes reporting much easier.
(In exchange for providing this service, the URL shorteners get data on what’s hot right now by inferring trends from all the clicks on the millions of shortened links they provide. Witness in coming months the rise of real time search, powered in part by the URL shortening industry. But this is another post…).
But there’s a rub to using a URL shortening service for the analytics on the clicks. And it’s called information slippage.
I’m always intrigued by how often semi-sensitive information is leaked unwittingly. Sequentially numbering your invoices? Then you’re leaking billing and business activity. Does it matter? Maybe; depends who gets the information.
So here’s how bit.ly and other services leak information.
If you ever see a shortened URL, you can copy the link, and simply append a + sign to the end of it. The resulting page shows the click activity of the link. Here’s an example I plucked from a newsletter calling for Silicon Valley pitches: http://bit.ly/NeAsF+
You can see the click activity on the link; implying to me this guy has a pretty large database he’s sending to. This may not be a big deal, but it can indicate to your competitors how much traffic you’re getting on your site, and where they’re based.
The issue with information slippage is that you’re unwittingly leaking this information.
It mostly won’t matter. But it could.
So it might be wise to consider the implications before you automatically shorten your next outbound link for tracking purposes.