“A recent paper by Cornell Tech researcher Vitaly Shmatikov and independent researcher Martin Georgiev demonstrated that shortening URLs can have serious privacy consequences. Because shortened URLs are so short, they are vulnerable to brute-force scanning, meaning that attackers can guess multiple shortened URLs and read all of the working ones. The researchers looked at Microsoft MSFT -0.95% OneDrive and Google GOOGL -0.51% maps URLs shortened using bit.ly. They found that shortened URLs shared on a cloud service are effectively public. In the case of Microsoft OneDrive, they’re vulnerable to malware injection as well.
“In the case of cloud-storage services such as Microsoft OneDrive, this not only leads to leakage of sensitive documents, but also enables anyone to inject arbitrary malicious content into unlocked accounts, which is then automatically copied into all of the account owner’s devices. In the case of mapping services, short URLs reveal addresses and—via easy cross-correlation with public directories—identities of users who shared directions to medical facilities (including abortion, mental-health, and addiction-treatment clinics), prisons and juvenile detention centers, places of worship, and other sensitive locations; enable inference of social ties between people; and leak other sensitive private information,” the researchers concluded.
Although Google has responded by lengthening URLs and blocking automated scanning and Microsoft no longer allows OneDrive users to share files using shortened URLs, previously shared links are still live, and the exposed data is still vulnerable. But the fact that private shortened URLs could become public is not only reason not to shorten URLs. There are others.”
I had no idea that shortened URLs could be so problematic and dangerous. There is also the idea that some folks could get angry at a misleading title to a link.
This article goes on to explain that twitter now automatically shortens your URLs so no need to do that for Twitter anymore.
“Shortening URLs used to help you save precious characters on Twitter, but this is no longer the case. ALL URLs are now altered to 23 characters.
TL;DR: Using the full URL promotes honesty, transparency, and good digital hygiene. Posting shortened URLs does the opposite.”