How to tell if a shortened link is secure in 2015

If you hang out a lot on social media sites such as Twitter or Facebook, you have encountered countless links that were shortened.

What is meant by that is that proxy links tend to get posted on these sites that do nothing but redirect you to the real site when you click on them.

While that may make sense on Twitter with its artificial 140 character limit, it is a dangerous habit that has no real advantage other than reducing the number of characters displayed on the screen.

The danger lies in the fact that you don't know where a link leads you. A link like http://bit.ly/1pHtsqW reveals nothing about its destination and with that comes the danger that you get tricked into loading dangerous sites on the Intern.

Maybe you get redirected to a phishing website, a drive by download page, or a site that tries to attack you or your computer in other ways.

You can prepare your system for that somewhat though. Security software may assist you and protect you from many dangers for example, but there will never be 100% protection against all threats.

The source

You can use the source as an indicator. Who posted the link? Is it a trustworthy friend, a company or an individual that you don't know at all or barely?

While that may help you most of the time, it should not be used exclusively to assess the potential danger of a shortened link.

A friend may send you a link that you don't want to visit for example. This does not necessarily have to be a security issue. Maybe you don't want to be rickrolled again, or hate it when friends send you "2 girls one cup" like videos.

Then there is also the possibility of hacked accounts. If a friend's account has been hacked, malicious links may be pushed by the attacker to all followers or friends.

Revealing the link target

The best option that you have is to reveal the target of the shortened link. While it is usually possible to visit the website of the url shortener service to reveal the link target by entering the short version manually on it, it is not practical.

That's where tools come into play that assist you in that. A search for Chrome extensions and Firefox add-ons comes to a surprising result. While there are a handful of extensions available for Chrome that reveal shortened link targets automatically, there is not a single one available for Firefox that works.

The majority of add-ons for Firefox that reveal links date back to 2012 and earlier, and not a single one of them works.

Side note: There is still the possibility that an add-on exists for the browser but I was not able to find it on the official website. If you know of one that works, let me know in the comments.

Chrome users can select LinkPeelr for example which reveals link targets on hover. It supports a wide variety of services including t.co, bit.ly, is.gd or ow.ly to name a few.

So what can Firefox users use instead?

Firefox users can use a service link LongUrl instead. It is a web service that you can paste shortened links in to reveal their destination.

It is not nearly as comfortable as hovering the mouse over links but it is better than not being able to reveal a link destination at all.

The service maintained a Firefox add-on once but it has not been updated since 2009 and won't work in recent versions of the browser. The userscript too is not working correctly anymore.

An alternative to that is Unshorten which reveals the link target and displays Web of Trust ratings and whether hpHosts has blacklisted the url on the results page.

Now You: How do you handle shortened links?