My Operaa dirty Web of redirections
Thursday, December 1, 2011 3:37:46 PM
The Web is taking a wrong turn with all these redirections minifier tracking you along the way of your clicks. And sometimes it becomes quite insane. Following my twitter account as usual, I see a link which seemed interesting.
First issue, Twitter is using its own minifier to capture all clicks, and you do not have the choice to deactivate it. That is wrong. Let's see where do I go from there.
Ok I'm being redirected to: http://zjb.go.ly Let's check it.
Huh yet another redirection, but notice that there is no Location header.
With Opera browser, I'm reaching this page which is not really encouraging for the user. Specifically the note at the bottom which says it failed.
And then in the Web page this time… It gives as the next URI, yet another URL minifier. sigh. Why so much hate?
Let's dig it!
Ah a location header which seems to make sense.
Alleluiah!
My question: Why do we put so much efforts into breaking the Web?
First issue, Twitter is using its own minifier to capture all clicks, and you do not have the choice to deactivate it. That is wrong. Let's see where do I go from there.
% curl -sI http://t.co/n3XZBLb0 HTTP/1.1 301 Moved Permanently Date: Thu, 01 Dec 2011 15:10:08 GMT Server: hi Location: http://zjb.go.ly Cache-Control: private,max-age=300 Expires: Thu, 01 Dec 2011 15:15:08 GMT Connection: close Content-Type: text/html; charset=UTF-8
Ok I'm being redirected to: http://zjb.go.ly Let's check it.
curl -sI http://zjb.go.ly HTTP/1.1 307 Temporary Redirect Date: Thu, 01 Dec 2011 15:11:47 GMT Server: Apache Location: http://preview.go.ly?zjb Cache-Control: max-age=259200 Expires: Sun, 04 Dec 2011 15:11:47 GMT Vary: Accept-Encoding Content-Type: text/html; charset=iso-8859-1 ACCEPT-RANGES: none
Huh yet another redirection, but notice that there is no Location header.
% curl -sI "http://preview.go.ly?zjb" HTTP/1.1 200 OK Date: Thu, 01 Dec 2011 15:35:59 GMT Server: Apache Cache-Control: max-age=259200, must-revalidate Expires: Sun, 04 Dec 2011 15:35:59 GMT X-DNS-Prefetch-Control: Off Vary: Accept-Encoding Content-Type: text/html; charset=UTF-8 ACCEPT-RANGES: none
With Opera browser, I'm reaching this page which is not really encouraging for the user. Specifically the note at the bottom which says it failed.
And then in the Web page this time… It gives as the next URI, yet another URL minifier. sigh. Why so much hate?
Let's dig it!
% curl -sI http://mzl.la/rR6RFC HTTP/1.1 301 Moved Server: nginx Date: Thu, 01 Dec 2011 15:10:42 GMT Content-Type: text/html; charset=utf-8 Connection: keep-alive Set-Cookie: _bit=4ed798ee-002bc-02170-291cf10a;domain=.mzl.la;expires=Tue May 29 15:10:38 2012;path=/; HttpOnly Cache-control: private; max-age=90 Location: http://hacks.mozilla.org/2011/12/state-of-the-web-apis-an-interview-with-john-hammink/ MIME-Version: 1.0 Content-Length: 178
Ah a location header which seems to make sense.
% curl -sI "http://hacks.mozilla.org/2011/12/state-of-the-web-apis-an-interview-with-john-hammink/" HTTP/1.1 200 OK Server: Apache X-Backend-Server: pm-app-generic02 Vary: Accept-Encoding Cache-Control: max-age=60 Content-Type: text/html; charset=UTF-8 Date: Thu, 01 Dec 2011 15:39:02 GMT X-Pingback: http://hacks.mozilla.org/xmlrpc.php Link: <http://hacks.mozilla.org/?p=10390>; rel=shortlink Expires: Thu, 01 Dec 2011 15:40:02 GMT Transfer-Encoding: chunked Connection: Keep-Alive X-Powered-By: PHP/5.2.9 X-Cache-Info: caching
Alleluiah!
My question: Why do we put so much efforts into breaking the Web?
Kyle Simpsongetify # Thursday, December 1, 2011 4:15:39 PM
> Huh yet another redirection, but notice that there is no Location header.
Actually, there *is* a Location header, check the output of what you pasted above:
"Location: http://preview.go.ly?zjb"
Notice also that for this particular case, it's a 307 (temporary) redirect, rather than the normal 301 (permanent) redirect.
The reason for the 307, as well as being redirected to this landing page, is because *my* service is trying to be more protective of users. If someone chooses to shorten a URL which is itself already a shortened URL, or goes to a suspect/possibly-malicious location, or fails one of several other "soft-validation checks", instead of creating a direct passthru redirection (normal behavior), I force the URL into "auto-preview" mode. That is the landing page you are seeing.
The intent is (soon) to have lots of meta-data about the site, including a screenshot, show up on the preview page. That way, if someone follows a link that seems to be a chain of a bunch of redirects, they get this "sanity check" stop page, where they can preview what they're about to go to, and decide if they then want to proceed or not.
If a user enters a valid URL that doesn't have any redirects, auto-preview mode is not forced, and they get a direct valid 301 redirect. The vast majority of shortened URLs in my service are direct 301's.
In addition, if someone creates a URL and it is forced into auto-preview mode, and they have an account with the service (not just anonymous usage), they will have the chance to manually "validate" the link, to remove the "auto-preview" mode from it.
------------
I agree that redirection chaining is a troublesome (and often, but not always, suspicious/malicious) practice. That's why I have "auto-preview" mode and the various validity checks, to try and help provide a little more sanity. Users of my service are thus discouraged from shortening anything other than an original (no-redirect) URL.
Of course, once they have a golook.at URL, any of the other services (like twitter, bitly, etc) may not be so kind as to try to prevent redirection chaining. I have lots of issues with how the other services (particularly twitter's t.co) are causing problems for URLs.
Karl Dubostkarlcow # Thursday, December 1, 2011 4:38:58 PM
The No location header is for the next piece of code.
I think your service could be improved by giving the list of all following redirections. So the user would have the choice to jump to the last one instead of having to go through all of them.
So when you receive a request an HTTP client could explore what is coming for the user, and displays that to the user.
URIs redirection have been created to say: "Hey this piece of information here, it is now there."
Thanks for the explanation.
Kyle Simpsongetify # Thursday, December 1, 2011 5:01:48 PM
My plan was (once it's able to gather all the meta data, screenshot, etc), to display both the "next step" (that is, the URL that a user entered into the golookat service) as well as the "final step" (the end URL after all network redirects complete).
That way the user can skip over all the rest of the redirections if they want. Of course, if they do, some tracking will break. But this should be a niche corner case compared to normal usage, so I'm more worried about good experience for the user than for all the other shorteners.
Raanan Avidorravidor # Thursday, December 1, 2011 9:20:42 PM
Money?
They do solve an existing problem of long URLs that are hard to handle.
Do you have a solution?
Karl Dubostkarlcow # Friday, December 2, 2011 8:15:08 PM
Now if you tell me that the 140 chars limit is a reason for this. I say it's not a good reason. The metadata payload you can send in a tweet is a lot bigger than that.
Kyle Simpsongetify # Friday, December 2, 2011 8:30:20 PM
So, "golook.at" is actually not just a "link shortener", but a "link optimizer". I'm trying to help people create *better links* (because better links get more clicks).
Here's more of a description:
http://golook.at/tags/
In any case, I believe there are valid reasons why we might want to create "URL aliases", but most of the uses I agree are a bit bogus. I just don't think we should throw the baby out with the bathwater and assume that 100% of shortened links are bad. They just need to be rethought from what we've seen thus far. And that's what "golook.at" is trying to do.
Karl Dubostkarlcow # Monday, December 5, 2011 9:27:31 PM