We Have Moved!

This blog has been retired and will receive no new content. To read new Cranial Soup articles, please visit our new location.

Sunday, April 18, 2010

Bit.ly is Harmful to Your Reputation

It all started with a simple innocent tweet. As Vivek Wadhwa was finishing up his excellent post on outsourcing he tweeted about it and I replied with a tweet of my own:

my original tweet

Note the URL I tweeted to him was shortened using the xrl.in service.

Now, Vivek is a TweetDeck user, and TweetDeck uses bit.ly to shorten links, even links that don't need shortening, like mine. So what do you think happened when he retweeted me and responded?

Vivek's retweet

That's right, my already shortened link was reshortened with bit.ly.

Now what do you think you see when you click that link? The site I was trying to link to?

No, you see a warning page that implies that my original link leads to a malware, phishing, spam, or forgery site.


So my link to a reputable site is being called a bad site by bit.ly because I used a competing URL shortening service in my original tweet.

Note that there is an email link to report mistakes on bit.ly's warning page. What do you think happens when you click it and report a mistake? Do they check the link and remove the flag if the site is ok?

No, they don't. They told me to make a new bit.ly link and give it out to people, as if that would undo the damage that was done, change the links in other people's tweets, and prevent others from retweeting the bad reputation damaging bit.ly link that I never made in the first place.

Then they apologized and told me some day their service will be better, still not removing the reputation damaging flag from the link.


Can something like this affect you and your website? You bet it can.

If you or anyone else ever tweets a link to your site using a competing URL shortening service, and that link gets retweeted with any twitter client that shortens all URLs with bit.ly (whether they need it or not) the resulting link to your site will be flagged as a bad site.

What happens when the average person clicks that link and sees that warning page? Well, the average person believes it and won't visit your site. And if your name is on the original tweet, it will also be on the retweet, giving you the reputation of passing out links to bad sites.

Will a smart web savvy user believe the bit.ly warning page? Maybe, maybe not. But the average person probably will. As a developer I have seen the average person believe a lot of things that were not true, placing their complete trust in things like that bit.ly page and other false positives, and believing the worst, even spreading the word about it as if it were the truth, telling others that a website or application was harmful. They think that companies don't do things like this without ironclad proof, so they believe every word of it.

What alarms me the most is the attitude of bit.ly with regards to this problem and how they refuse to remove the flag from innocent links. They don't care if your reputation is damaged.

And it is in the best interest of bit.ly not to fix the problem, since it makes more people use their service, worried that if they use another service and get retweeted, they could end up with a reputation damaging link to their site. So this whole problem serves to make more people use bit.ly, out of fear, rather than convenience or because they have a better service.

I am not a bit.ly user because it is not convenient for me. I have a browser plugin that uses xrl.in, that with a single click of a button, copies the shortened link to whatever page I am on to my clipboard, ready to paste anywhere I want.

Other links in the stuff I tweet use ff.im, because they are cross-posts from friendfeed. I was pretty sure if I post something on friendfeed, cross-posted to twitter and it gets retweeted, reshortened with bit.ly, it will result in one of those warning pages, too.

But I was wrong, it doesn't. In fact, there are a few other shorteners that don't get warning pages either, probably because they are so popular that they would get noticed pretty quick if bit.ly decided to pick on them.

Bit.ly does white list the following shorteners:

  • ff.im
  • youtu.be
  • goo.gl

There is no reason why bit.ly can't white list the rest of the popular shorteners if they can white list those. But those others are competing services and they don't feel like being nice guys about it. They would rather ruin the reputations of innocent people like you and me.

So what can you do to ensure you won't become a victim of bit.ly's "bad site" interstitial page?

There are only 2 things you can do:

1. Always use bit.ly to shorten your links and make sure everyone else in the world does too. (highly impractical, because you can't control what other people do.)

2. Let bit.ly know this is unacceptable. Tell them to play fair and white list the other shorteners. The choice of url shortener you use should be yours and not theirs, and you should not be punished with a reputation damaging warning page because you use a competing service. (easy to do)

  • Send them an email: support@bit.ly
  • Tweet them: @bitly
  • Spread the word by tweeting this post
  • Share this post on social networking sites
  • Blog about it
  • Tell your friends

Don't stop making noise about this till bit.ly stops damaging the reputations of innocent people.


UPDATE May 8, 2010: Bit.ly has changed their interstitial page, slightly. Instead of the top banner saying "WARNING - visiting this website may harm your computer" it now says "Stop - there might be a problem with the requested link"

But it goes on to say

  • Some URL-shorteners re-use their links, so bit.ly can't guarantee the validity of this link.
  • Some URL-shorteners allow their links to be edited, so bit.ly can't tell where this link will lead you.
  • Spam and malware is very often propagated by exploiting these loopholes, neither of which bit.ly allows for.

The link you requested may contain inappropriate content, or even spam or malicious code that could be downloaded to your computer without your consent, or may be a forgery or imitation of another website, designed to trick users into sharing personal or financial information.


I still consider this unacceptable. If bit.ly can detect a shortened link at the time someone clicks, they can detect it at the time someone submits it for shortening, and just not allow it. That page is completely unnecessary and can still be damaging to someone's reputation.


Come on, bit.ly, just do the right thing! How hard is it to just not reshorten?