The author didn't really elaborate on what makes this really troubling: the tens (hundreds?) of millions of existing shortlinks out there in the wild right now that would be worthless (or worse, directed to spam or abusive sites). Generally, it's bad, but maybe not the end of the world if a startup loses their domain. But this seems like it would be an unmitigated disaster for a service like bit.ly. I hope they're aggressively working on some kind of strategy to get away from that domain name ASAP.
And this, kids, is yet another example of why URL shortening services should be avoided. They've single-handedly put ability to break the functionality of a growing chunk of the internet into the hands of one demonstrably unstable dictator in a developing nation.
Doesn't matter if most of the links being generated are still at bit.ly. The issue isn't switching to a new domain after the fact; bit.ly has all the data for all those links and could setup a new domain right away, but all the old bit.ly links are still embedded all across the web. Getting those changed is the hard part.
Or, Libya could go crazy, decide to fuck with the rest of the world, and have every bit.ly link redirect somewhere that will blow up IE, Firefox, Flash, Quicktime, and Reader.
Out of curiosity, is there any kind of list the risks various TLDs pose to businesses? Something similar to the US State Department travel warning list, for example (but including the US too)?
I ask b/c I recently bought a .co domain for a side project which will depend heavily on the domain similar to bit.ly, and my surface impression is that Columbia is stable enough for TLD risk not to be an issue. But there is the FARC, drug cartels, and probabaly some unknown unknowns as well, and this .ly issue is making me wonder if I should reconsider before irreversibly locking in this domain.
They can probably just do a find and replace for the entire internet :-)
I remember seeing that bit.ly and maybe tr.im had an "open" approach to URLs and formed some sort of service where they allowed anyone to easily replicate their URL database? I can't find any trace if it though, so I might have the wrong services, but that might be a possible solution, companies like Twitter could utilise that to "rescue" a large number of links.
The troubling fact from an investors perspective is that for a bit.ly, the domain is nearly essential. Investing in a company where such a valuable asset is vulnerable to the whims of a dictator or third-world bureaucrat is unwise, to say the least.
Yeah, the difficult part is changing all those links all over the web; after all, bit.ly still has the metadata and could setup a new domain for it in a few hours. The problem is getting hundreds of thousands (or millions) of sites to change all those links. And what's worse is that Libya wouldn't even have to break the functionality; they could just introduce spam, ads, phishing, malware, etc. along the way. Bit.ly has effectively put billions of intentional clicks in the hands of the exact wrong person.
The right way to fix this if it all goes to shit would probably be at the DNS or browser level. At least then you have fewer people that you have to convince to change.
Do people really use URL shorteners for anything other than Twitter? (and,perhaps Rickrolling?)
I suspect you could delete every url shortener database right now, and after a week nobody would even notice. I'm pretty sure the majority of shortener uses are for Twitter (for obvious reasons, and who reads tweets more than a few days old?) and for intentional hiding of destination urls (Oh look, I'm pretending to provide useful information, instead I'm linking you to a funny cat picture!). I find it hard to believe any information or knowledge hidden behind bit.ly links is of any real value in improving the human condition...
(but I've been seriously wrong about emergent behavior amongst the general public before... I fully expect to have someone point out phd research papers with all the citations done with bit.ly links now...)
Oh, and "fixing it in the DNS or browser" is just wrong wrong wrong.
Are you _really_ suggesting that IANA or Microsoft/Mozilla/Apple/Google ought to be allowed to "hijack" some of Libya's .ly domain space, just to prop up the flawed business model of some <soundfx accent='Arrington'>dipshit little company</soundfx> ???
We already do spam and malware filtering at both of those levels...how is this different? I'm not saying that seizure alone would be enough to intervene at these levels, but if Libya decided to hijack these links for nefarious purposes, then yeah, I don't have a problem with it.
Yeah, if Libya went down the "nefarious purposes" path, we should probably filter at the browser level.
But think down the path you'd need to go if you chose to block bit.ly at the DNS level... Right now, IANA's root name servers delegate all .ly requests to name servers under Libya's control. I'm pretty sure there's no mechanism in place for the root servers to change that to "send all .ly requests to Libya _except for_ bit.ly requests, and serve them ourselves or send them elsewhere", and in my opinion there _shouldn't_ be any such mechanism because of the potential for abuse at government levels - would you want the Chinese government to know IANA has the ability to redirect traffic from domains they don't like?
So the _other_ alternative seems to be to have IANA refer all .ly requests to a new tld authority. Same problem - if you do that once, especially if you do it just to protect a company's profits/business model, how do you refuse a request from China to assume control of all of Tibet's tld?
Suggesting DNS level changes for bit.ly seems to me to open a whole can of very ugly worms...
I wonder if, even if Libya were a stable country with no reason to cause worry, if it would still be a bad idea to invest $10 million into such a simple product.
Unless there's a long term plan, I don't see where the monetization of this service can come from. I always thought after the last dot-com bust, we'd be sensitive and conservative in respect to questions of profitability and revenue, but this investment in bit.ly gave me a bit of a sense of deja-vu, and it wasn't a good feeling.
I think a common misconception is thinking that bit.ly is in the business of shortening URLs when in reality they're in the analytics business of tracking when, where and how often people use and share links.
As to monetization, they already have a $1000/month enterprise level plan that gives you tons of analytics and that runs lots of the custom branded URL shorteners (4sq.com, yhoo.it, pep.si, cs.pn).
If I were a bit.ly investor my number one concern would be Google linking up their goog.gl shortener with Google Analytics. Doing so would punch a huge hole in Bitly's value proposition.
Most other foo.ly startups can happily rename themselves fooly.com, but for bit.ly, there are so many existing links out there, and shortness is so important, that the transition would be much more painful.
That being said, no serious investor would have put $10M on bit.ly just because it's 5 characters long. The analytics or something else is where the value is, and that doesn't depend on the domain name being in Lybia.
What's the point in putting domain names under the control of a country these days anyway? I understand that Lybia or some organization therein collects a fee from people registering .ly domains, but it would certainly be possible to still pay them the fee without giving them the power to "turn off" domain names without cause. They could even retain the right to refuse to sell domains to people, but once you've bought the domain it needs to be yours in perpetuity, as it is with other property. This is a completely artificial problem based on archaic rules that has a straightforward solution.
The ISO country code domains aren't a public good; they're allocated to their respective countries, to use as they wish. Libya is within its rights not to allocate any domain names at all.
Conceptually within the DNS, there is no difference between APPLE.COM. and LY. You wouldn't expect Apple to allow random people to set up names under APPLE.COM. John Postel oversaw a decision, multiple decades ago, to allocate countries their two-letter ISO code; if you want to blame someone, blame Postel.
I personally think it's a reasonable policy, and that the fault lies in people willing to do business with a manifestly evil country for the sake of a vanity domain.
Actually, APPLE.COM. and LY. are different. You get the address of the LY. server from a public root nameserver; servers set up solely to provide a starting point for "the Internet". You only find APPLE.COM. because you look in COM. first.
When you choose to use the root nameserver, you are assuming they are making good decisions about who to delegate to. When COM. delegates to Apple's servers for APPLE.COM., that's a good decision. When the root nameserver delegates to the current LY. servers, that's a bad decision, because LY. does not hold up their end of the bargain and properly delegate. VB.LY. should delegate to VB.LY.'s servers. But for some reason, they refuse to do it. So the root server should simply not delegate to it.
Incidentally, nobody is forcing anyone to use "the" root nameservers. If you want vb.ly back, just use a different root!
This exact same argument says that Namecheap should lose its registrar status for "breaking the internet" when people don't pay to renew their domains.
Similarly, if Apple ever made the mistake of setting up an NS record pointing JROCKWAY.APPLE.COM to your nameserver, they'd be "breaking the internet" to change their mind.
The reality is that there is no technical difference at all between LY. and APPLE.COM.
As I understand it, one does not typically buy domains, but rather leases them. Your analogy to other kinds of property thus does not apply to domains.
I remember reading that nic.ly or their agents made some effort to contact vb.ly's owners to discuss their concerns with vb.ly, but received no response. The author attempts to paint nic.ly et al as being capricious, but it seems to me there were some attempts made to resolve this amicably.
Is it really a story that an Islamic nation would shut down a pornographer?
That seems like that is a foregone conclusion, whereas bit.ly is an incredibly visible, legitimate service.
Libya has had a tumultuous few decades, but today they're in the United Nations Security Council, have paid reparations for terrorism, and their president is the Chairman of the African Union.
Why would they destroy a partnership with the most visible silicon valley company to have any association with their country?
No, the story is that they can shut down a domain name and there is no appeal that can be filed.
You exist at the whim of the dictator.
To further provide fuel for the fire the author cites and example of them shutting down another URL shortening service because it was being used to link pornography. Something I'm sure Bit.ly is often used for as well.
And this, kids, is yet another example of why URL shortening services should be avoided. They've single-handedly put ability to break the functionality of a growing chunk of the internet into the hands of one demonstrably unstable dictator in a developing nation.