We’ve all probably used them because they are so convenient.
The full URL for this blog post is http://www.bruceabernethy.com/2017/05/qr-codes-and-url-shorteners-beware/
The bit.ly shortcode is only http://bit.ly/QRShort
Which would you rather share with someone to type in?
Better yet, how about a QR code – this code people don’t even have to type in. Some smartphones have the ability to read these codes natively and any phone, tablet or computer with a camera has an app that can read these. Very easy, very quick.
So what’s the issue?
People with their “security hats on” would never go to a URL like http://www.myfunfacebook.ru/?username=bruce&autologin=true&myssn=3865551212&trackme=haaaqBjuqEXMKMYA8Ce4. But might they click on a shortened link or QR Code from a supposedly trusted site?
What to do?
There are browser plugins and helpful sites like http://urlex.org/ that will fully expand the URL for you before you go there. So you can see where the shortened URL ends up before you visit the site in your browser. There are also QR Code readers that will “two-step” the process. First rendering the URL for you and then optionally passing it off to the browser.
So don’t be paranoid, but do be aware – something may be hiding in there.