Slashdot Mirror

← Back to Stories (view on slashdot.org)

Is the Web Heading Toward Redirect Hell?

Posted by timothy on from the here-let-me-bounce-you-a-few-times dept.

Ant snips from Royal Pingdom this excerpt: "Google is doing it. Facebook is doing it. Yahoo is doing it. Microsoft is doing it. And soon Twitter will be doing it. We're talking about the apparent need of every web service out there to add intermediate steps to sample what we click on before they send us on to our real destination. This has been going on for a long time and is slowly starting to build into something of a redirect hell on the Web. And it has a price."

19 of 321 comments (clear)

  1. Re:It's a shame too... by The+MAZZTer · · Score: 4, Informative

    TinyURL has a cool feature to help with this. For TinyURLs, of course.

  2. optimize google by emkyooess · · Score: 4, Informative

    The Optimize Google add-in for Firefox gets rid of some of their hellish redirects. Sadly, it doesn't update frequently and seems prone to breaking.

  3. Re:How do you get offenders to stop? by tom17 · · Score: 5, Informative

    Like this? http://unshorten.com/

    I just 'thought of' that only to find it was done aages ago...

  4. Re:How do you get offenders to stop? by religious+freak · · Score: 4, Informative

    There is an RFC out there (I forget the number off the top of my head) which limits redirects to five. IE6 went above spec and allowed ... 20... I think. IE8 has shortened to allow 10 redirects. FF and Chrome allow the same or less. There is a limit on redirects by RFC, but many websites don't follow the rule and many browsers are forced to compensate because of this.

    Ironically, I was just recently accessing a gmail based email system with an Android phone and suddenly I get the message "too many redirects". So now there's no way my google phone can access my google mail. -1 for that one Google.

    --
    If you can read this... 01110101 01110010 00100000 01100001 00100000 01100111 01100101 01100101 01101011
  5. It's money, not knowledge by Morth · · Score: 2, Informative

    If someone is paying me for the clicks I send to their site, I need to count it so that I know how much I should charge, and they need to count it as well to know I'm not lying. They could make the count on the destination page, but usually it's far more easy to make a special service for it.

    A redirect page is usually just a couple of hundred bytes large. Cookies might add some clutter, but probably still less than 1k in each direction, still fits in a single packet. I don't see the problem here.

  6. Not all that new by shoptroll · · Score: 4, Informative

    Jeff Atwood hit on this issue in a blog post last year: http://www.codinghorror.com/blog/2009/06/url-shorteners-destroying-the-web-since-2002.html

    --
    Insert Sig Here
  7. Re:How do you get offenders to stop? by CannonballHead · · Score: 2, Informative

    But it's easy to explain the difference, so it's not entirely understandable.

    It's like understanding the difference between top speed and acceleration. Not a terribly hard concept.

    The real problem is the "internet" is a magic black box. Most people don't understand it's really just a big network, and works like a network... actually, somewhat similar to a much-quicker-delivery postal system, in simplistic terms. Except that there's a "request" thing, not just a "send" thing.

  8. Facebook by Xacid · · Score: 5, Informative

    To play the devil's advocate - facebook's redirects started as a way to filter out all the spam links.

  9. Redirect Remover for Firefox by michaelepley · · Score: 1, Informative
    huh? what? web sites are redirecting?

    (ok, RDR is not that good, but it helps, and I'm sure as this becomes even more prevalent, people will work around it)

  10. Re:It's a shame too... by piquadratCH · · Score: 4, Informative

    With bit.ly, you can simply append a "+" to the URL and get an information page showing, between other information, which URL hides behind it, e.g. http://bit.ly/cTGasX+. I don't know if they have a setting to always display this info page, but I'm sure there are usersrcipts and bookmarklets out there that automatically append a "+" to every bit.ly link.

  11. Re:How do you get offenders to stop? by shog9 · · Score: 5, Informative

    Close enough: https://addons.mozilla.org/en-US/firefox/addon/9549/

  12. Re:How do you get offenders to stop? by Menkhaf · · Score: 1, Informative

    A better analogy is water pipes. Bandwidth is width (the bigger, the bigger throughput), latency is pressure (the higher, the faster "it" travels).
    Of course, this being /., your almost-car analogy is probably better suited.

    --
    A proud member of the Onion-in-Hand alliance
  13. Re:How do you get offenders to stop? by kurokame · · Score: 3, Informative

    You know those exploding consoles on Star Trek? Did you ever wonder why someone would invent exploding keyboards? Now you know.

  14. Re:How do you get offenders to stop? by Chninkel · · Score: 2, Informative

    disable javascript on google.com: right-click and save url works like a charm :-) (although this also remove search autocompletion and instant ...)

  15. Re:wasn't there a time.... by JesseMcDonald · · Score: 5, Informative

    To be fair, that is nothing more than a workaround for several other major security issues:

    1. The referrer header itself. This header serves no useful purpose, and leaks information that the destination website has no need to know. There is no way to use the referrer information securely, since it can be trivially forged, but it does serve as an invaluable tool for malicious attacks and unwanted tracking.

    2. Session IDs should be validated to prevent hijacking. At the very least the session ID should be ignored if it comes from a different IP address than the one which created the session. It's not a perfect solution, given dynamic IPs, NAT, and proxies, but it would block most attacks without inconveniencing normal users.

    3. No private information, including session IDs, should ever go in the URL. HTTP POST requests or cookies are a better solution here. (Naturally, cookies should be valid only until the end of the session unless the user explicitly indicates otherwise.)

    --
    "The state is that great fiction by which everyone tries to live at the expense of everyone else." - Bastiat
  16. It's called onmousedown! by spage · · Score: 3, Informative

    Yes you are really missing something! Just by viewing source you should notice on the a tag

      onmousedown="return rwt(this,'','','','3','AFQjCNElSuk8pqYMVk5pKG9sycYfDSh7zg','UsteGasJKDRPW0uis7I9Ig','0CCsQFjAC')"
      class="l"
      href="http://example.com/the/original/URL"

    So on mouseover you see the original URL, but on click, function rwt ("rewrite"?) sends you to Google first with all that tracking crap, which then redirects you on your way.

    If I right-click and Copy Link Location, I get a Google URL in Firefox with this tracking crap. If I feed that to curl, I don't get a status 301 redirect, I get a small piece of HTML back containing both a script that changes the window.location and a meta http-equiv refresh tag.

    Disable JavaScript to disable all this.

    --
    =S
  17. And yet, there's no need! by mcrbids · · Score: 2, Informative

    It would be trivial to do something with javascript - put an onclick handler that does an xmlHttpRequest to save the "needed" information without even needing to worry about header redirects and the like. The link can be something like

    <a href="http://www.thesite.com/path/to/page.html" onclick="return notifyBigBrother(this);">

    where notifyBigBrother() is a function that sends the click info to the search engine site. Why isn't this done?

    --
    I have no problem with your religion until you decide it's reason to deprive others of the truth.
  18. that's why I like the MVP HOSTS file by PJ6 · · Score: 2, Informative

    They get most of the major offenders in the list. Sure it breaks some links, but it's worth it.

  19. The ones I hate most... by Reziac · · Score: 2, Informative

    ...are those that come in perfectly legitimate email, stuff that I actively subscribed to. They already know where I came from, their own damned email. Why does it need to go through a redirecting clicktracker?

    Furthermore, it lets even legit emails send me somewhere not only unanticipated but also a pain in the ass, like links that unexpectedly open a whopping great PDF.

    Many thanks to folks who posted links to two URL de-obfuscator services, which are now permanently on my toolbar.

    http://unshorten.com/index.php
    http://www.longurlplease.com/

    --
    ~REZ~ #43301. Who'd fake being me anyway?