Secure your bit.ly URL – before somebody else does
14. Oct, 2009 
11 Comments
This isn’t one of those “sky is falling” posts, but it is important for marketing and brand managers to be aware of the implications of the bit.ly custom name feature and how it can wreck havoc with your company’s (and personal) brand.
Bit.ly is a popular shortening service that converts long URLs to a shortened, more palatable version for human consumption and also fits well with character-limited services such as Twitter. Despite its usefulness, there’s also a dark side to URL shortening thanks to bit.ly’s ability to create “custom names” in its service and it’s important to understand the implications, even if you don’t use bit.ly.
A brief overview of bit.ly.
Let’s say you wanted to share a YouTube video you created with your friends and the YouTube URL is http://www.youtube.com/watch?v=I1qHVVbYG8Y. If you were sending an e-mail, besides the ‘ugliness’ of the URL, its length doesn’t really matter. If you’re using the popular online service Twitter, you have to cram everything you want to say in 140 characters or less.
For example,
“This hilarious YouTube video of Simon’s Cat reminds me of our family cat Chester. He can be a real terror. http://www.youtube.com/watch?v=I1qHVVbYG8Y“
The above tweet exceeds Twitter’s 140 character limit by 10 characters. If we wanted to post this, we would have to cut back on the text. Now, if we use bit.ly to shorten the YouTube URL, our tweet would be:
“This hilarious YouTube video of Simon’s Cat reminds me of our family cat Chester. He can be a real terror. http://bit.ly/ytQkg“
Note, the only difference is the URL (in blue) is the only change. Bit.ly saved us 23 characters!
Whenever you shorten a URL, bit.y keeps the original URL, and maps an odd-looking, but globally unique identifier. In our example above, this identifier is ‘ytQkg’. When somebody visits your shortened link, their web browser queries bit.ly and is in turned redirected to the full URL you originally shortened.
But wait, there’s more: Custom names in bit.ly!
In addition to providing pretty cool statistics about your shortened links (beyond the scope of this post), bit.ly also lets you specify your own identifier, called a “custom name” in lieu of its own meaningless identifier. This means, if I wanted create a shortened URL to my website, I could create http://bit.ly/benlucier that would redirect to http://www.benlucier.ca.
The dark side of the bit.ly custom name.
Custom name is a powerful feature of bit.ly, but it can also be dangerous to personal and corporate brands, especially as bit.ly grows in popularity. For example, what if a disgruntled customer created a shortened URL targeted at you? http://bit.ly/yourcompanyname could redirect to http://www.ihatecompanyname.com. It’s happened already. Once a URL has been shortened, the custom name or identifier cannot be changed with intervention by bit.ly.
Custom names may not seem like much of a threat now. In fact, I’d be surprised if users and organizations outside of the ‘Twitterverse’ have even heard of bit.ly or its utilitarian use. But as Twitter becomes more prevalent, so will online shortening services.
It only takes a second to shorten a URL with your company’s names and trademark, pointed to your website. I recommend you do it now before somebody else does. You might not like where they point it.
We just published a Case Study, TWITTER: THE DARK SIDE – Does Bitly Enable a Massive Click Fraud and I can tell you that its “dark side” is multi-layared. For one, statistics Bit.ly provides is egregiously inaccurate at best and fraudulent at worst. Bit.ly counts cyberspace’s ghosts and drones, bots and crawlers, presenting them all as humans. We even found one single Bitly with over a MILLION (1,677,769 to be precise) phony cliks. It’s here:
http://www.seo-artworks.com/Twitter/twitter-study-millionclicks.htm
Other vulnerabilities along the lines you discussed are also in the Study but man, the need for an urgent need for a standardization of URL shorteners and honest, peer reviewed, analytical tools that advertisers and users alike can trust.
For less malevolent purposes like honest advertising and or tracking, URL shorteners need to have a standard that would clearly identify a creator of the short link and who clicked on the said link, or at least to clearly distinguish automated, bots generated clicks from a real, human clicks.
Roman, thanks for chiming in, much appreciated.
Ben, nice article, thanks. One of the biggest problems for me with URL shortners is that when we share links and bookmarks sites, etc, we’re normally ‘training the machine’ (see this excellent video on the collaborative web / web 2.0 on YouTube: http://www.youtube.com/watch?v=NLlGopyXT_g). It is possible for machines and people to leverage the information that links from web pages, twitter feeds, and thousands of other collaborative and sharing sites to ‘understand’ the web better and draw conclusions about linked data. The URL is a powerful and scalable tool. It runs on public or publically shared infrastructure like DNS. If a URL is the same, it points to the same content / service. The move towards RESTful URL’s by sensible sites even make the typical URL full of value – human readable information at a glance packed into a single string.
The problem with URL shortners is that we lose almost all of that. The shortened link posted (whether on Twitter or otherwise) could be valueless if the private URL shortening service goes out of business – no one can decode it in the future. On top of that, two URLs can point to the same web site. Sure, in theory you could have code to decode the shortened link in order to use it (I’m sure Google might do this) but these private services could be resource challenges or are free to throttle their service and no one can step in an help them out or take over the system without their permission (the Internet and DNS on the other hand can be scaled and supported by many organizations without any special proprietary information.
Others have explained these concerns in articles much better than me, and if I had the links handy and more time I would paste them here; but suffice to say, I think there’s many a dark side to URL shortners, and badly presented data and fraudulent company links are just a part of the problem.
John, I only use URL shortening while I’m on Twitter. What else would you have people do? As for whether these companies stay in business or not, I don’t really care. A bitly link for me has always served as a temporary redirect for longer links. If they stopped responding in a month, I don’t really care. :)
I don’t think people rely on bitly for anything more than a temporary redirect… I could be wrong though (anybody else care to chime in?) The purpose of this post was to advise people of the annoyance of a bitly URL being used in a negative manner against them. With apologies to Jeremy Wright, see here for an example: http://bit.ly/jeremywright
Hi Ben,
I understand the point of the article, and it’s good advice for sure. I’m just adding to Roman’s comment about URL shortening having a darker side. While you may consider it only a temporary link, the twitter steam is part of the social record on the web. It’s not that they stop responding per se, it’s that they can’t be processed easily in their current form. People do use shortening on more than just Twitter unfortunately – they existed before Twitter (tinyurl.com for example). I’ll see if I can find better write ups than I have given of the problems they pose and send them to you.
By the way, the better alternative would be for Twitter to expand their API to support a URL sharing slot – only sending the shortened URL’s when needed (SMS) – like meta data on the tweet, much like they now abstract retweeting or currently share meta information about replies. This would prevent the absolute need for shortening and people would finally know where people are linking them to when they read their Twitter streams!
I don’t mean to distract from your well written and timely article (I know this is not exactly on topic), so I won’t post any more here.
Warcraft русск. яз. Магический мир Азерота раздирает кровавая, опустошительная война. Орды неистовствуют, пытаясь достичь окончательного успеха.
АльфaБaнk на янвape — фeвpaлe 2009 возраст пoдaл 6 исков для Глaвмoсстpoю для сумму 1,035 млpд рублей.
Это тотализаторы вместе с возможностью поступать ставки для разные события в течение спорте да политике.