I built (and sold) cli.gs, one of the 13 final compliant services. The system that evolved was effectively strict border controls along with frequent police checks:<p>1. When a new URL shortening request is received, the requester is checked and the destination is also checked. If both pass, the new short URL is returned.<p>2. When a short URL forwarding request is received (i.e. the bulk of the traffic), the destination is checked again at a configurable probability. If the destination is now deemed malicious, it is disabled on the spot and a message is shown. In times of spam attacks, the checking probability would be set to 100%.<p>I blogged about this when it launched and started evolving:<p><a href="http://blog.cli.gs/news/new-anti-spam-and-anti-malware-features" rel="nofollow">http://blog.cli.gs/news/new-anti-spam-and-anti-malware-featu...</a><p><a href="http://blog.cli.gs/news/more-anti-spam-and-anti-malware-protection" rel="nofollow">http://blog.cli.gs/news/more-anti-spam-and-anti-malware-prot...</a>
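The two checks described in the comment above, sketched as an added example (this is not cli.gs's code). `Shortener`, `is_malicious`, `requester_ok` and the sample blocklist are hypothetical names and constructed data; the real checkers are not described on this page.

```python
import random


class Shortener:
    """Check at creation ("border control"), re-check on redirect ("police check")."""

    def __init__(self, is_malicious, requester_ok, recheck_probability=0.1, rng=None):
        self.is_malicious = is_malicious    # hypothetical callable: url -> bool
        self.requester_ok = requester_ok    # hypothetical callable: requester -> bool
        self.recheck_probability = recheck_probability  # raise to 1.0 during an attack
        self.rng = rng or random.Random()
        self.links = {}                     # code -> {"url": str, "disabled": bool}

    def shorten(self, requester, url):
        # Stage 1: both the requester and the destination must pass.
        if not self.requester_ok(requester) or self.is_malicious(url):
            return None
        code = format(len(self.links) + 1, "x")
        self.links[code] = {"url": url, "disabled": False}
        return code

    def resolve(self, code):
        link = self.links.get(code)
        if link is None:
            return ("not_found", None)
        if link["disabled"]:
            return ("blocked", None)        # stays blocked; show a warning page
        # Stage 2: re-check the destination on a sampled fraction of redirects.
        if self.rng.random() < self.recheck_probability and self.is_malicious(link["url"]):
            link["disabled"] = True         # disabled on the spot
            return ("blocked", None)
        return ("redirect", link["url"])


if __name__ == "__main__":
    blocklist = set()                       # constructed sample data
    s = Shortener(lambda u: u in blocklist, lambda r: r != "spammer",
                  recheck_probability=0.0)
    code = s.shorten("alice", "http://example.test/landing")
    blocklist.add("http://example.test/landing")   # destination turns bad later
    print(s.resolve(code))                  # not sampled, so still redirects
    s.recheck_probability = 1.0             # "times of spam attacks"
    print(s.resolve(code))                  # re-checked and disabled
```

At a sampling probability below 100%, a link whose destination turns malicious after creation keeps redirecting until one of its hits is sampled, so the probability trades checker load against that exposure window.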
Interesting article, but I find the author's use of statistics to be quite bizarre...<p>[quote]
Approximately 68% of URL shortening services were Stage 1 Compliant.<p>Approximately 56% of URL shortening services were exclusively Stage 2 Compliant.
[/quote]<p>It seems from his numbers that he just meant to not include the word "exclusively", even though it was italicized. Also, I'm not sure what prompted the venn diagram with three sections "A", "B", and "A and B". Most of the regions (such as "A"-and-"A and B"-not-"B") are empty, for good reason.
Were they supposed to be safe? How can they be classified as "safe" or "unsafe?" It's like calling tar or zip utilities insecure because the archives produced might contain malware.
Am I missing something or is the Venn Diagram horrible? There are "Stage 1 Compliant" and "Stage 2 Compliant" areas, the overlap of which would logically be "Stage 1 and Stage 2 Compliant". Instead there is a third area for "Stage 1 and Stage 2 Compliant" with the count in the label instead of the area.<p>That whole chart is either ridiculous or I am a moron and can't parse it with my brain.
Hmmm. I'm not sure URL shorteners should be "secure". The service I want from them is very well defined: take this long URL and make it very short.<p>I am certainly not asking them to make a judgment on whether my request was well conceived.<p>What's next? Blocking NSFW URLs? Pornographic URLs? Politically offensive articles?