TinyURLs: a matter of trust

* It all comes down to whether you trust the author

Reader Andy Swenson, CISSP, of the security consulting group Tribridge, wrote to me recently about my use of TinyURL links. He has kindly allowed me to quote him in this newsletter.

Swenson wrote:

“I read your Network World e-mail newsletter on a regular basis and was disappointed to see you using only the TinyURL links in the newsletter. I feel that in any security-oriented newsletter you should include the full link so readers can cut and paste after deciding on the site. With TinyURL, a reader really has no idea where they are being sent until after the fact. While I may be paranoid (it is my job after all), I don't just click on links even from trusted sources without looking at where they are taking me.” 

I wrote back:

Thank you very much for your thoughtful comments and for taking the time to write to me at all - it is a pleasure to receive mail from readers.

I think you are right: The issue of sending readers to an unknown site is a problem that troubled (and still troubles) me. I thought about it for quite a while before deciding that very long URLs were an obstruction to smooth reading of the text. Using those shorter but unknown links thus becomes an exercise in trust, much like using a PGP public key.

If you trust that:

A) I created the TinyURL.

B) It still goes where it was intended.

C) The editors didn't make a typographical error in preparing the final text.

Then you have to decide whether you trust _me_ <smile>.

On the other hand, I suppose that simply seeing a URL to a strange site completely spelled out conveys no information of its own, although it does allow one to check the DNS registration information.

As with so many issues in security, this is a tradeoff between security and functionality. I will continue to evaluate the relative merits of long URLs vs. convenience.


Copyright © 2005 IDG Communications, Inc.