That's really unfortunate. And it's not just performance; it really messes with OS-level URL handling like Android intents (and possibly FB's App Links and iOS's new Extensibility).
I recently found this happening with Twitter's Android app. The user sees a link to player.fm and thinks it will open the native Player FM app if they have it installed, since it's registered to handle that URL pattern. But instead, the OS offers web browsers and Twitter as ways to open the link, because it's not really a player.fm link as presented to the user, but a t.co link. If the user then chooses a browser, the browser immediately redirects to the correct URL, which then pulls up the intents menu again.
7 redirects could potentially be 7 popup menus for the user to navigate through.
The OS could pre-emptively follow redirects, but that would of course introduce considerable latency since normally the menu is presented without any call being made at all. Maybe the best solution for OSs is to present the menu immediately but still make the call in the background, so the menu could be updated if a redirect happens.
"I don't see any work happening in HTTP 2.0 to change it."
Probably the best HTML standard for dealing with it is the "ping" attribute, which gives servers a way to be notified of a click without actually redirecting. However, that's HTML and not HTTP, and these days apps are more popular HTTP clients than browsers, and app developers don't bother to implement things like that.
So there are probably things that could be done with the standard. Perhaps using some distributed lookup table to ensure at most 1 redirect (by caching the redirect sequence and returning it with the first request). That does ignore any personalisation that goes on, but generally these should be permanent redirects without personalisation anyway.
> I recently found this happening with Twitter's Android app. The user sees a link to player.fm and thinks it will open the native Player FM app if they have it installed, since it's registered to handle that URL pattern. But instead, the OS offers web browsers and Twitter as ways to open the link, because it's not really a player.fm link as presented to the user, but a t.co link. If the user then chooses a browser, the browser immediately redirects to the correct URL, which then pulls up the intents menu again.
You don't even have to go that far. Just click on a YouTube link. First it'll ask if you want the www.youtube.com URL to open in a browser or the app (which sucks), then it'll redirect to m.youtube.com and ask you again.
The only reason I haven't set it as my permanent choice is that I still hold out some shred of hope that, some day in the future, the YouTube app will be able to play an entire video without stopping for 2 seconds every 3.
That will break just about every affiliate program that I'm aware of. Of course this is your intention but there will be a very large number of websites that will see their turnover plummet if that should happen.
I personally would not mind but I'm pretty sure that a lot of monied interests would not like to see this happen.
This would result in marketers returning 200 responses that set the cookie and render a page with JavaScript that sets `window.location` instead, which would be even slower.
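For illustration, a minimal sketch of the kind of 200-plus-script hop described above (the cookie name and target URL are made up, not from any real tracker):

```javascript
// Hypothetical shortener response body: instead of a 301, serve a 200 page
// that sets a tracking cookie and then navigates with script. The page must
// fully load and execute before the hop happens, hence the extra latency.
const redirectPage = (target) => `<!doctype html>
<script>
  document.cookie = "clicked=1; max-age=31536000";
  window.location = ${JSON.stringify(target)};
</script>`;

console.log(redirectPage("https://example.com/article"));
```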
How would that affect the single sign-on case? AFAIK it's common practice to issue redirects to people who are not authenticated to send them to the identity provider's (IDP's) login page. This would make it hard for an IDP to determine if the user already has an active session with them.
Click-count statistics, time clicked, and geo information can all be collected without any cookies. Some sites use URL shorteners just to see click-through statistics, which don't require cookies at all.
I think the most practical solution to this, requiring only a change in practice and not in the standard, would be for link shorteners to do a HEAD request on each URL they shorten and, if it results in a permanent redirect, unwrap it so the shortened link is canonically correct.
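A minimal sketch of that unwrapping step, assuming Node 18+ (where `fetch` with `redirect: "manual"` exposes the `Location` header); the function names are mine, not any shortener's API:

```javascript
// Only unwrap *permanent* redirects (301/308); temporary ones (302/307)
// may legitimately vary per request, so leave them alone.
function isPermanentRedirect(status) {
  return status === 301 || status === 308;
}

// Follow permanent redirects up to maxHops and return the canonical URL
// a shortener should store instead of the wrapped one.
async function canonicalize(url, maxHops = 5) {
  for (let i = 0; i < maxHops; i++) {
    const res = await fetch(url, { method: "HEAD", redirect: "manual" });
    const loc = res.headers.get("location");
    if (!isPermanentRedirect(res.status) || !loc) return url;
    url = new URL(loc, url).toString(); // Location may be relative
  }
  return url;
}
```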
Yeah, there are things that might have some problems with this, but they're things that are probably somewhat abusive to the 301 status code to begin with.
> Redirects are being abused and I don't see any work happening in HTTP 2.0 to change it.
I agree that this is an unfortunate pattern, but what exactly could the HTTP spec do to change it? The only thing I can think of is limiting the number of chained redirects, although I don't see browsers implementing that if longer chains are even remotely common.
Why do we need a technical solution? My understanding is that the author is arguing for a change in how URL shorteners are used, not a technical change making this impossible. The problem is that once a technology exists, it will be abused. Sometimes this abuse is just a clever and useful hack, and sometimes it is annoying and anti-usable.
If I remember correctly, there was an old (very old) project with reversible links called Project Xanadu.
If my sketchy memory serves me, it was based around using a currency and updatable links. Along with that, the idea was that you could also share segments of movies and music within the hyperlink system.
I'm pretty sure it died a pitiful death because it was kept completely secret until after HTTP got ingrained.
I think the other issue is that these aren't being used as URL shorteners any more (in the sense they were when they were used for Twitter's 140 character limit). They are tracking URLs, gathering data about you at each hop.
If the HTTP spec added 2 new verbs (SHORT, LONG) as a method of shortening and elongating URLs, then many things could be done.
1.) The browser could pro-actively lengthen the URL, and the same way the server can respond 301/302 now, the browser could cache this.
2.) The server could hand back the final long URL without needing to redirect multiple times.
3.) We could create services, integrated into the server software, that integrate 3rd parties.
4.) Each domain could create its own shortened URL domain and mask it in a better way.
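These verbs don't exist in any HTTP spec; purely as a hypothetical illustration of point 2, a LONG exchange might look like:

```
LONG /a1b2c3 HTTP/1.1
Host: short.example

HTTP/1.1 200 OK
Content-Location: https://example.com/the/full/article
```

The browser could then cache that mapping the same way it caches a 301 today, and never pay for the intermediate hops again.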
My guess would be for analytics, so it knows how its own service is being used and who is accessing websites through it. It comes with a convenient feature that bad URLs can be taken down on its site.
This is classic "Tragedy of the commons" behavior where each individual group with a link shortener is benefited by encouraging and enforcing its usage (ability to kill malicious links easily, user tracking, etc)
I'm not sure if this can be resolved until users are educated sufficiently on the long-term adverse effects of link shortening services (link rot, privacy concerns, slow/broken redirects, etc).
For change to happen, the demand for direct links (generated explicitly by blog posts like this one, or implicitly by higher bounce rates due to long loading times) will need to be enough to outweigh the benefits to the organizations that are building them.
Edit:
Even if there is evidence that shows this, why should _I_ be the one to give up my link shortener service when it will have no significant improvement to the overall problem which involves tens or hundreds of these services?
This is propagated by people not really understanding URLs and blindly reposting links that have already been wrapped in a URL shortener through services that wrap them in another one. Whenever I repost links, I repost only the URL of the final page, stripping off anything unnecessary. Sadly, the trend of browsers hiding URLs or pieces of them is not helping the situation either.
I don't think this can be solved technologically - HTTP redirects are not difficult to detect but a lot of these shorteners (and becoming increasingly more common) use Javascript and/or meta tags to accomplish redirection. The solution is better educated users that don't create chains of shortened URLs.
Couldn't a URL wrapper service follow a URL through its redirects and only wrap the final address?
I'm not a networking expert, but it seems viable enough to me. Shoot out a GET request, wrap the final address with your shortener. Cut out the middlemen.
It's an idea. It might fail at scale. And might not be feasible.
I always figured trib.al and bit.ly and their ilk offered different analytics or whatever and that that's why some URLs would bounce through both. I see this especially in major journalism outlets.
The user experience on mobile with multiple URL-shortener redirects is beyond annoying. Every new HTTP connection opened over a marginal cell or wifi connection can stall or fail, even when the actual destination site is up and reachable.
I'm no SEO guru, but isn't the recommended behavior to create a URL that matches the title of the blog post? I've seen these "post title" URLs with increasing frequency over the past few years.
> Every redirect is a one more point of failure, one more domain that can rot, one more server that can go down, one more layer between me and the content.
These are all good reasons, but are there any real users who are actually being affected by these issues? If it is just a theoretical concern, then I don't think it is reasonable to call the situation "officially out of control".
Seven redirects to different domains means seven new TCP connections being established, very likely over a crappy mobile connection (see twitter usage numbers from mobile). The user experience is definitely being harmed here.
I've lived in the Philippines for a while, and the big telco here, PLDT, has terrible DNS. t.co links are the most obvious point of contention; they just won't resolve 90% of the time. It's incredibly obnoxious, especially on a mobile device where DNS settings aren't (easily) exposed.
A little off topic, but I seem to recall seeing, probably some years ago, a post on HN about a reversible URL-shortening algorithm that could convert the shortened URL back to the original. Can't find it now. Anyone recall this, or did I dream it?
I get the link-rot concern (and 7 redirects, as showcased in the FA, is absurd), but these services are mostly used on Twitter and social media, where the life-span of a post sharing a link is hours to a day or so, at most.
I couldn't find anything that would output something similar to the redirects image shown in this post, so I wrote a small script in Node to do it. It looks like this: http://cl.ly/image/3T3e462G1C3d
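For reference, a minimal version of such a redirect-tracing script (assuming Node 18+ with global `fetch`; a sketch, not the poster's actual script) might look like:

```javascript
// Resolve the Location header against the current URL (it may be relative).
function nextHop(currentUrl, location) {
  return new URL(location, currentUrl).toString();
}

// Collect each hop of a redirect chain without following it automatically.
async function trace(url, maxHops = 10) {
  const hops = [url];
  for (let i = 0; i < maxHops; i++) {
    const res = await fetch(url, { method: "HEAD", redirect: "manual" });
    const loc = res.headers.get("location");
    if (res.status < 300 || res.status >= 400 || !loc) break;
    url = nextHop(url, loc);
    hops.push(`${res.status} -> ${url}`);
  }
  return hops;
}
```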
Groxx | 11 years ago
It usually works, and when it does, it's a nice fix for the idiotic Twitter-Android-app behavior.
joshu | 11 years ago
http://joshua.schachter.org/2009/04/on-url-shorteners
nostromo | 11 years ago
(Or perhaps only allowed a cookie if the redirect was served by the same domain as the target domain.)
lyndonh | 11 years ago
The most obvious one is Twitter, always using its own service regardless.
MichaelGG | 11 years ago
It wouldn't solve it completely, but it'd kill the 7 redirects thing.
cezary | 11 years ago
There's also this service that expands shortened URLs: http://longurl.org/
Lifescape | 11 years ago
Here's the script: https://gist.github.com/akenn/7ca7e99a51c3a4abc049
Speaking of, what software did this guy use? Is there a bash script that's better than what I wrote?
X-Istence | 11 years ago
https://gist.github.com/bertjwregeer/12ae691e5c285f334a36
No need to use Node.
jhrobert | 11 years ago
Otherwise "interceptors/tracers" seems a better name.