all messages for Emacs-related lists mirrored at yhetil.org
From: Nicolas Rybkin <nr68020@gmail.com>
To: Yuri Khan <yurivkhan@gmail.com>
Cc: rms@gnu.org, Emacs developers <emacs-devel@gnu.org>
Subject: Re: [ELPA] New package: shorten-url
Date: Sat, 2 Mar 2019 19:05:57 +0300
Message-ID: <CAJAcu-XY0oH_FoBMYsugszgtobnWxLfTimgAA2wxFPyzDpHvXw@mail.gmail.com>
In-Reply-To: <CAP_d_8V3g+9B7UFDcgzSkiDUrmkE9uH6Dynt2E1QLOerJJ1x9A@mail.gmail.com>


https://clck.ru/FHnJJ is the alternative

> ~ $ curl https://clck.ru/FHnJJ
> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
> <title>Redirecting...</title>
> <h1>Redirecting...</h1>
> <p>You should be redirected automatically to target URL: <a href="
> https://sba.yandex.net/redirect?url=https%3A%2F%2Fdebbugs.gnu.org%2Fcgi%2Fbugreport.cgi%3Fbug%3D34607&amp;client=clck&amp;sign=ae74c1736ecb62b804356c42c7186694
> ">
> https://sba.yandex.net/redirect?url=https%3A%2F%2Fdebbugs.gnu.org%2Fcgi%2Fbugreport.cgi%3Fbug%3D34607&amp;client=clck&amp;sign=ae74c1736ecb62b804356c42c7186694</a>.
> If not click the link.
>


On Sat, Mar 2, 2019 at 4:37 PM Yuri Khan <yurivkhan@gmail.com> wrote:

> On Sat, Mar 2, 2019 at 10:35 AM Richard Stallman <rms@gnu.org> wrote:
>
> > Is the shortened URL expanded locally inside Emacs?
> > Does it refer to a real website?
> >
> > In the example it gives https://qps.ru/MjrtW as an example. Was
> > https://qps.ru/ chosen by your customization?  If so, what made that
> > choice desirable?  Why not use sh:e/ (abbreviation of "short:emacs")
> > instead?  It is much shorter.
>
> URL shorteners work this way:
>
> 1. Alice gives an ordinary URL to an external web service.
> 2. That service generates a short ID, associates it with the input
> URL, and stores this association into its database.
> 3. It then responds to Alice with a shortened URL composed from the
> service’s prefix and the generated short ID.
> 4. Alice shares the shortened URL with Bob.
> 5. Bob accesses the shortened URL with a browser.
> 6. The web service looks up the ID in its database and retrieves the
> original URL.
> 7. It sends Bob an HTTP response that will, among other things, cause
> his browser to go to the original URL.
>
> So no, the expansion does not happen locally, it happens on the web
> service that generated the shortened URL.
>
> There are trust, integrity, privacy, and availability issues
> associated with URL shorteners:
>
> * Bob does not see where the shortened URL leads. It may expand to a
> link to a malicious resource, and Bob has to rely on his browser’s and
> operating system’s protection when his browser is redirected there.
>
> * The URL shortener service may attempt to track the users who use it
> to shorten or expand URLs, and collect statistics on individual
> shortened URL usage. Some actually offer this as a feature; e.g. Alice
> might learn whether Bob followed the shortened URL she sent.
>
> * The URL shortener service may attempt to display advertisements to
> users who access shortened URLs, before redirecting them to the
> expanded URL.
>
> * The URL shortener service may attempt to run non-free and/or
> malicious JavaScript on the users’ browsers. Executing that JavaScript
> might or might not be a requirement for obtaining the expanded URL.
>
> * The URL shortener service may be discontinued at any time at the
> decision of its maintainer.
>
> * The URL shortener service’s database may be compromised, changing
> the ID/URL associations.
>
> * The URL shortener service may reside on a host that later becomes
> blocked in a certain country.
>
>
> As an example, I accessed the https://qps.ru/MjrtW link with curl(1).
> I got a 46888-byte response that:
>
> * redirects to https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34607
> after 15 seconds or when the user clicks a hyperlink in the HTML;
> * attempts to load scripts from
> https://pushance.com/ntfc.php?p=2053241&tco=1 and
> https://dolohen.com/apu.php?zoneid=2053231;
> * attempts to load a (presumably tracking) image from
> https://counter.yadro.ru/hit, passing it the shortened URL, the URL of
> the page that referred the user to the shortened URL, the screen pixel
> count and color depth of the user, and a random number generated on
> the user’s browser;
> * displays an advertisement offering free-as-in-beer web forum hosting
> on mybb.ru;
> * and also contains a big unreadable blob of JavaScript which I will
> not attempt to reverse-engineer.
>
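
Added example, not part of the original message or of the shorten-url package: Python code showing how a recipient can see where a shortened URL leads without opening it in a browser, by reading only the `Location` header or the anchor/meta-refresh target and peeling the `url=` wrapper visible in the clck.ru output quoted above. The sample body is constructed from that quoted output; the function names and the choice of `url` as the wrapper parameter are assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qs

# Constructed sample, modelled on the curl output quoted in this message.
SAMPLE_BODY = (
    '<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">\n'
    "<title>Redirecting...</title>\n"
    '<p>You should be redirected automatically to target URL: <a href="'
    "https://sba.yandex.net/redirect?url=https%3A%2F%2Fdebbugs.gnu.org%2Fcgi"
    "%2Fbugreport.cgi%3Fbug%3D34607&amp;client=clck"
    '&amp;sign=ae74c1736ecb62b804356c42c7186694">link</a>.\n'
)

class _LinkFinder(HTMLParser):
    """Collect redirect candidates from markup only; scripts are never run."""
    def __init__(self):
        super().__init__()
        self.targets = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)  # attribute values arrive already entity-decoded
        if tag == "a" and a.get("href"):
            self.targets.append(a["href"].strip())
        elif tag == "meta" and (a.get("http-equiv") or "").lower() == "refresh":
            # content looks like "15; url=https://example.org/"
            _, _, url = (a.get("content") or "").partition("=")
            if url.strip(" '\""):
                self.targets.append(url.strip(" '\""))

def unwrap(url, max_depth=5):
    """Follow nested 'url=' query parameters; return every hop in order."""
    chain = [url]
    for _ in range(max_depth):  # bounded, so a self-referencing wrapper stops
        inner = parse_qs(urlsplit(chain[-1]).query).get("url", [""])[0]
        if not inner.startswith(("http://", "https://")):
            break
        chain.append(inner)
    return chain

def inspect_response(status, headers, body):
    """Return one hop chain per redirect target found in a shortener response."""
    location = {k.lower(): v for k, v in headers.items()}.get("location")
    if 300 <= status < 400 and location:
        return [unwrap(location)]
    finder = _LinkFinder()
    finder.feed(body)
    return [unwrap(t) for t in finder.targets]

def hosts(chain):
    """Hostnames contacted along a chain, for review before visiting."""
    return [urlsplit(u).hostname for u in chain]
```

Feed it the status, headers and body from a non-browser fetch such as the curl call above. Every host in the chain is a party that sees the request, and a final target that itself carries a `url` parameter will be peeled one step further than intended, so read the whole chain rather than only its last entry.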
