Twitter URL Shortener: Good Response to Phishing
The news sort of came out a bit under the radar, but Twitter announced a very interesting change they are implementing on their blog (March 9, 2010). Positioned as a response to phishing, they will be changing URLs in Direct Messages to their own twt.tl shortened redirects. Essentially, they can then track for bad behavior and block the URL altogether if the target web page is found to be malicious.
I applaud them for taking some action to integrate the security layer within their own infrastructure, as it is clear that more users than we’d like to admit can be “social engineered” to click on almost anything. No other URL shortener service has shown an ability to build in the needed level of control, and who would be able to make this work better than Twitter itself?
The question remains open as to where they intend to take this newfound capability in the future. And sure, if it can be used for DMs, why not have it available for all messages. This all comes down to how the new service is offered. Currently, it appears to be standard on all URLs in DMs, regardless whether they were shortened or not beforehand. If this were to become part of every tweet as well, would it be optional or the de facto shortener in all cases?
Here is the rub: sometimes you have to make tradeoffs for security purposes. Do we really lose anything important if they standardize on their own shortener, so long as we can still get all of the metrics and other “bells and whistles” we currently get via other tools? If it helps them proactively maintain a more secure environment on Twitter, I’m willing to make that sacrifice. Then again, I’m not on there trying to fool tweeps into clicking links to mischievous places.
I’ve seen various opinions out there, some in favor and some more cautious about Twitter having their own shortener. What’s your take on it? Fear of Big Brother or just another smart way to control misbehavior?
Cheers to local fave @Wesley83 (Wesley Faulkner) for sharing Twitter Alters Some Links to Improve Security (by Peter Kafka) on his Posterous page. That’s where I first learned the news, and he keeps a great personal blog on there.