Is the Web Heading Toward Redirect Hell? 321
Ant snips from Royal Pingdom this excerpt: "Google is doing it. Facebook is doing it. Yahoo is doing it. Microsoft is doing it. And soon Twitter will be doing it. We're talking about the apparent need of every web service out there to add intermediate steps to sample what we click on before they send us on to our real destination. This has been going on for a long time and is slowly starting to build into something of a redirect hell on the Web. And it has a price."
Re:It's a shame too... (Score:5, Informative)
optimize google (Score:5, Informative)
The Optimize Google add-in for Firefox gets rid of some of their hellish redirects. Sadly, it doesn't update frequently and seems prone to breaking.
Re:How do you get offenders to stop? (Score:5, Informative)
I just 'thought of' that only to find it was done aages ago...
Re:How do you get offenders to stop? (Score:5, Informative)
Ironically, I was just recently accessing a gmail based email system with an Android phone and suddenly I get the message "too many redirects". So now there's no way my google phone can access my google mail. -1 for that one Google.
It's money, not knowledge (Score:3, Informative)
If someone is paying me for the clicks I send to their site, I need to count it so that I know how much I should charge, and they need to count it as well to know I'm not lying. They could make the count on the destination page, but usually it's far more easy to make a special service for it.
A redirect page is usually just a couple of hundred bytes large. Cookies might add some clutter, but probably still less than 1k in each direction, still fits in a single packet. I don't see the problem here.
Not all that new (Score:5, Informative)
Jeff Atwood hit on this issue in a blog post last year: http://www.codinghorror.com/blog/2009/06/url-shorteners-destroying-the-web-since-2002.html [codinghorror.com]
Re:How do you get offenders to stop? (Score:3, Informative)
But it's easy to explain the difference, so it's not entirely understandable.
It's like understanding the difference between top speed and acceleration. Not a terribly hard concept.
The real problem is the "internet" is a magic black box. Most people don't understand it's really just a big network, and works like a network... actually, somewhat similar to a much-quicker-delivery postal system, in simplistic terms. Except that there's a "request" thing, not just a "send" thing.
Facebook (Score:5, Informative)
To play the devil's advocate - facebook's redirects started as a way to filter out all the spam links.
Redirect Remover for Firefox (Score:2, Informative)
(ok, RDR is not that good, but it helps, and I'm sure as this becomes even more prevalent, people will work around it)
Re:It's a shame too... (Score:5, Informative)
Re:How do you get offenders to stop? (Score:5, Informative)
Close enough: https://addons.mozilla.org/en-US/firefox/addon/9549/ [mozilla.org]
Re:How do you get offenders to stop? (Score:2, Informative)
A better analogy is water pipes. Bandwidth is width (the bigger, the bigger throughput), latency is pressure (the higher, the faster "it" travels). /., your almost-car analogy is probably better suited.
Of course, this being
Re:How do you get offenders to stop? (Score:4, Informative)
You know those exploding consoles on Star Trek? Did you ever wonder why someone would invent exploding keyboards? Now you know.
Re:How do you get offenders to stop? (Score:2, Informative)
Re:wasn't there a time.... (Score:5, Informative)
To be fair, that is nothing more than a workaround for several other major security issues:
1. The referrer header itself. This header serves no useful purpose, and leaks information that the destination website has no need to know. There is no way to use the referrer information securely, since it can be trivially forged, but it does serve as an invaluable tool for malicious attacks and unwanted tracking.
2. Session IDs should be validated to prevent hijacking. At the very least the session ID should be ignored if it comes from a different IP address than the one which created the session. It's not a perfect solution, given dynamic IPs, NAT, and proxies, but it would block most attacks without inconveniencing normal users.
3. No private information, including session IDs, should ever go in the URL. HTTP POST requests or cookies are a better solution here. (Naturally, cookies should be valid only until the end of the session unless the user explicitly indicates otherwise.)
It's called onmousedown! (Score:4, Informative)
Yes you are really missing something! Just by viewing source you should notice on the a tag
onmousedown="return rwt(this,'','','','3','AFQjCNElSuk8pqYMVk5pKG9sycYfDSh7zg','UsteGasJKDRPW0uis7I9Ig','0CCsQFjAC')"
class="l"
href="http://example.com/the/original/URL"
So on mouseover you see the original URL, but on click, function rwt ("rewrite"?) sends you to Google first with all that tracking crap, which then redirects you on your way.
If I right-click and Copy Link Location, I get a Google URL in Firefox with this tracking crap. If I feed that to curl, I don't get a status 301 redirect, I get a small piece of HTML back containing both a script that changes the window.location and a meta http-equiv refresh tag.
Disable JavaScript to disable all this.
And yet, there's no need! (Score:3, Informative)
It would be trivial to do something with javascript - put an onclick handler that does an xmlHttpRequest to save the "needed" information without even needing to worry about header redirects and the like. The link can be something like
<a href="http://www.thesite.com/path/to/page.html" onclick="return notifyBigBrother(this);">
where notifyBigBrother() is a function that sends the click info to the search engine site. Why isn't this done?
that's why I like the MVP HOSTS file (Score:2, Informative)
The ones I hate most... (Score:3, Informative)
...are those that come in perfectly legitimate email, stuff that I actively subscribed to. They already know where I came from, their own damned email. Why does it need to go through a redirecting clicktracker?
Furthermore, it lets even legit emails send me somewhere not only unanticipated but also a pain in the ass, like links that unexpectedly open a whopping great PDF.
Many thanks to folks who posted links to two URL de-obfuscator services, which are now permanently on my toolbar.
http://unshorten.com/index.php [unshorten.com]
http://www.longurlplease.com/ [longurlplease.com]