Twitter is to release an official URL shortening service to crack down on malicious links posted on the site.
Set to be rolled out during the summer, ‘t.co’ will wrap all external links posted on the site. Twitter's Sean Garrett said on the website's blog that the service had been in development since early March, when it had been routing links within its direct messages through its link service to detect, intercept and prevent the spread of malware, phishing and other dangers.
He said: “Any link shared in a direct message has been wrapped with a twt.tl URL. Links reported to us as malicious are blacklisted, and we present users with a page that warns them of potentially malicious content if they click blacklisted links. We want users to have this benefit on all tweets.
“If you want to share a link through Twitter, there currently isn't a way to automatically shorten it and we want to fix this. It should be easy for people to share shortened links from the Tweet box on Twitter.com. To meet both of these goals, we're taking small steps to expand the link service currently available in direct messages to links shared through all Tweets. We're testing this link service now with a few Twitter employee accounts.”
As an example, he said that a link would appear as hxxp://t.co/DRo0trj for display on SMS, but it could be displayed to web or application users as a part of the URL or as the whole URL or page title.
“Ultimately, we want to display links in a way that removes the obscurity of a shortened link and lets you know where a link will take you,” he said.
“If you are already partial to a particular shortener when you tweet, you can continue to use it for link shortening and analytics as you normally would, and we'll wrap the shortened links you submit.”
Commenting, Christopher Boyd, senior threat researcher at Sunbelt Software, said: “While this will be useful for tracking spam and reducing blind links, any theoretical gain in security could be lost if the metrics offered to regular users aren't as good as those provided by bit.ly and other services.”
Speaking to SC Magazine, Graham Cluley, senior technology consultant at Sophos, said: “I don't know who is powering the backend of Twitter's malware-scanning - but I imagine they may be using some of the free services like the Google Safe Browsing API to check the links before they allow users through. Of course, they may also partner with security vendors to augment their protection.”
Last year Sophos, along with Websense, partnered with URL shortening website bit.ly to assist it in protecting users against visiting web pages that may contain a malware, spam or phishing threat.
Cluley said: “From the looks of things Twitter will use t.co both to provide them with stats (which they can make part of the service they offer their professional customers) and as a way to defend users from fast-spreading malicious links which have caused problems on the site in the past.
“I don't know for sure, but I would imagine that they would be ‘wrapping’ their t.co shortlink around other link shortening services such as bit.ly. So you could end up with a t.co link that goes through bit.ly, which could end up at scmagazineuk.com.
“We've seen a massive growth in the number of reports of spam and malware being spread via social networks - so any steps that a site makes to try and control the spread of bad links has to be good news. Users are all too willing to click on links without thinking of the consequences so ‘safety-nets’ like this are undoubtedly useful.”
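The blacklist-and-warn wrapping Garrett describes, applied to the nested chain Cluley describes (wrapper, then third-party shortener, then destination), as an added example that is not Twitter's code. The redirect table, hosts, hop limit and function names are constructed, and a dictionary stands in for live HTTP lookups; the point is that a wrapper has to check every hop, not only the link as submitted.

```python
from urllib.parse import urlsplit

# Constructed sample data: this table stands in for live HTTP redirect lookups.
REDIRECTS = {
    "http://wrap.example/a1": "http://short.example/x9",   # wrapper -> shortener
    "http://short.example/x9": "http://news.example/story",
    "http://wrap.example/b2": "http://short.example/y7",
    "http://short.example/y7": "http://bad.example/login",
    "http://wrap.example/c3": "http://loop.example/1",
    "http://loop.example/1": "http://wrap.example/c3",     # redirect loop
}
BLOCKLIST = {"bad.example"}  # hosts reported as malicious (constructed)
MAX_HOPS = 5                 # assumed limit on chain length

def host_of(url):
    return (urlsplit(url).hostname or "").lower()

def expand(url):
    """Follow redirects and return every URL visited, in order."""
    chain = [url]
    while chain[-1] in REDIRECTS:
        nxt = REDIRECTS[chain[-1]]
        if nxt in chain or len(chain) > MAX_HOPS:
            raise ValueError("redirect loop or chain too long")
        chain.append(nxt)
    return chain

def naive_verdict(url):
    """Checks only the submitted link, so a shortener hides the destination."""
    return "warn" if host_of(url) in BLOCKLIST else "allow"

def verdict(url):
    """Return (action, final_url, blocked_host) after checking every hop."""
    try:
        chain = expand(url)
    except ValueError:
        return ("warn", None, None)  # cannot show the user a destination
    for hop in chain:
        if host_of(hop) in BLOCKLIST:
            return ("warn", chain[-1], host_of(hop))
    return ("allow", chain[-1], None)

if __name__ == "__main__":
    for link in ("http://wrap.example/a1", "http://wrap.example/b2",
                 "http://wrap.example/c3"):
        print(link, naive_verdict(link), verdict(link))
```

The `final_url` value is what a client could display in place of the short link, so the reader sees where a link leads before clicking.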