Mini URL Services: User Convenience, But At What Price?

by Jonathan I. Ezor

URL shorteners are useful, but there are privacy issues to consider before you use them in business.

Anyone who has ever tried to e-mail or write down a long, complicated URL (Web address) knows how difficult it can be. Many times, URLs are too long to fit on a single line, and some e-mail programs will turn a one-line correct address into a two-line unusable one. Long URLs are also difficult to speak and remember, adding to the problems.

In response to this issue, individuals and companies have created a number of services, including TinyURL.com to turn overly long URLs into short ones. The user types in a short URL pointing at the service. The service automatically looks into a database, finds the longer URL, and causes the page corresponding to the longer address to be loaded into the user's browser. This process is meant to be not only easy but invisible to the user, and essentially instantaneous as well. Even better, most of these URL-shortening services are free to use.

Given the incredible convenience the URL-shortening services provide, why shouldn't every site owner and newsletter publisher use them as a matter of course? In short, because there are some risks, some significant, as well. The first major risk is reliability: if the shortening service should experience technical problems, or be shut down entirely, all the links to the service, including those that users may have noted in the past, will stop working. Worse still, a siteowner may not even be aware that the short URLs pointing to the site aren't functioning unless it notices a sharp decrease in traffic, as people try to reach the site using a short URL and fail. Remarkably, there are many businesses (especially e-mail publishers) that rely heavily on TinyURL and its competitors, without any sort of uptime guarantee or contract with the service.

There is a more subtle risk: even if the services are working, their operators can change the underlying links. Consider a situation where the long URL includes information that generate payments, as with affiliate programs. It is trivial for the URL service to change every such reference in its database to redirect the payments to the service itself. Again, neither the party whose links were changed nor the destination site owner will ever be aware of the change. This is not just speculation: while the URL services have not been reported to be doing this, some software vendors have: Gator and other "ad replacement software" publishers have been sued for distributing programs that actually change underlying addresses to capture affiliate commissions. Even outside the affiliate context, there is still the possibility that, by design or mistake, the URL services may change their database entries to alter the underlying addresses to which users are sent.



URL services also raise potential privacy issues, because they can collect a sizable amount of information about the users who type in their shortened addresses. Although the services will not know the actual identities of those users, the services can collect information including the sites from which the users have come (otherwise known as referrers), the sites to which they go, and the ISPs from which they come. The services may be able to use cookies to track users across sites, albeit anonymously, to put together behavior profiles.

This type of information has value, and in fact Web sites and even advertising servers such as DoubleClick resell this type of demographic data every day. Unlike DoubleClick, though, TinyURL (as one example) does not even have a privacy policy on its site, so there is no way of knowing what information is being collected by TinyURL, or what it is doing with the information it has. Customers may complain when their data are harvested by the URL services, and the use by a siteowner of a URL service that collects information may even violate the site's own privacy policy.

How can siteowners and newsletter publishers take advantage of URL services, given all the potential problems? The most reliable approach is an in-house solution, running URL shortening on one's own Web server and managing the redirection via an internal database. This ensures that short URLs are and remain functional and accurate.

Many siteowners and list publishers, though, don't have the resources available to do URL shortening themselves. For those organizations, it's important that if they do use a third-party service, they do so with eyes open. If the need justifies it (that is, if there is significant financial investment at stake), it's preferable to get a contract with a commercial URL service. This, though, will likely require more time and money, including service fees, and may even bring lawyers into the picture. Even if the site or listowner does not wish to go to the trouble or expense of a contract, it should ask these questions of any URL service provider it wishes to use:

  • How long has the URL service been in operation?
  • Is this a volunteer or commercially-supported operation?
  • Is there a published privacy policy? If so, what does it say about how information is collected and used?
  • If there is not a published privacy policy, what does the URL service provider say in response to questions about its information collection, use and sharing provisions?
  • Is there a written commitment by the URL service not to change the underlying URLs to which its short versions point?
  • How long will short URLs remain live? Do they expire, or will they work as long as the URL service is working?
  • Who else uses the service? What has their experience been?

In the end, effective use of short URLs to tame unwieldy Web addresses requires appropriate due diligence, technical review and possibly a contract or two, By identifying and addressing the real concerns over reliability and privacy set out above, both users and publishers can take full advantage of the utility and convenience of short URLs.


Jonathan I. Ezor is an attorney and author who is an Associate Professor of Law and Technology and the Director of the Institute for Business, Law & Technology at Touro Law Center in Huntington, NY. He is the author of Clicking Through: A Survival Guide for Bringing Your Company Online (Bloomberg Press 2000), co-author of Producing Web Hits (IDG Books 1997), and many articles. 

<

 
Free small business newsletter
 
Get great business ideas and advice like this sent to you in email twice a week.
 
Subscribe to the free Business Know-How newsletter. 
 
Enter your primary email address below

 

Follow Us and Share

Follow Us and Share