by ryanwaggoner 5728 days ago
The author didn't really elaborate on what makes this really troubling: the tens (hundreds?) of millions of existing shortlinks out there in the wild right now that would be worthless (or worse, directed to spam or abusive sites). Generally, it's bad, but maybe not the end of the world if a startup loses their domain. But this seems like it would be an unmitigated disaster for a service like bit.ly. I hope they're aggressively working on some kind of strategy to get away from that domain name ASAP.

And this, kids, is yet another example of why URL shortening services should be avoided. They've single-handedly put the ability to break the functionality of a growing chunk of the internet into the hands of one demonstrably unstable dictator in a developing nation.


bit.ly have been running j.mp for quite a while - I've used that instead of bit.ly whenever I needed a short URL with statistics tracking.

Doesn't matter if most of the links being generated are still at bit.ly. The issue isn't switching to a new domain after the fact; bit.ly has all the data for all those links and could set up a new domain right away, but all the old bit.ly links are still embedded all across the web. Getting those changed is the hard part.

Or, Libya could go crazy, decide to fuck with the rest of the world, and have every bit.ly link redirect somewhere that will blow up IE, Firefox, Flash, Quicktime, and Reader.

Crazy-er, I mean.

Out of curiosity, is there any kind of list of the risks various TLDs pose to businesses? Something similar to the US State Department travel warning list, for example (but including the US too)?

I ask b/c I recently bought a .co domain for a side project which will depend heavily on the domain similar to bit.ly, and my surface impression is that Colombia is stable enough for TLD risk not to be an issue. But there is the FARC, drug cartels, and probably some unknown unknowns as well, and this .ly issue is making me wonder if I should reconsider before irreversibly locking in this domain.

They can probably just do a find and replace for the entire internet :-)

I remember seeing that bit.ly and maybe tr.im had an "open" approach to URLs and formed some sort of service where they allowed anyone to easily replicate their URL database? I can't find any trace of it though, so I might have the wrong services, but that might be a possible solution; companies like Twitter could utilise that to "rescue" a large number of links.

The troubling fact from an investor's perspective is that for a bit.ly, the domain is nearly essential. Investing in a company where such a valuable asset is vulnerable to the whims of a dictator or third-world bureaucrat is unwise, to say the least.

Luckily all bit.ly links are the same for j.mp. Telling people to change them will be harder though.

Yeah, the difficult part is changing all those links all over the web; after all, bit.ly still has the metadata and could set up a new domain for it in a few hours. The problem is getting hundreds of thousands (or millions) of sites to change all those links. And what's worse is that Libya wouldn't even have to break the functionality; they could just introduce spam, ads, phishing, malware, etc. along the way. Bit.ly has effectively put billions of intentional clicks in the hands of the exact wrong person.

The right way to fix this if it all goes to shit would probably be at the DNS or browser level. At least then you have fewer people that you have to convince to change.

"all over the web?"

Do people really use URL shorteners for anything other than Twitter? (and, perhaps, Rickrolling?)

I suspect you could delete every url shortener database right now, and after a week nobody would even notice. I'm pretty sure the majority of shortener uses are for Twitter (for obvious reasons, and who reads tweets more than a few days old?) and for intentional hiding of destination urls (Oh look, I'm pretending to provide useful information, instead I'm linking you to a funny cat picture!). I find it hard to believe any information or knowledge hidden behind bit.ly links is of any real value in improving the human condition...

(but I've been seriously wrong about emergent behavior amongst the general public before... I fully expect to have someone point out PhD research papers with all the citations done with bit.ly links now...)

Oh, and "fixing it in the DNS or browser" is just wrong wrong wrong.

Are you _really_ suggesting that IANA or Microsoft/Mozilla/Apple/Google ought to be allowed to "hijack" some of Libya's .ly domain space, just to prop up the flawed business model of some <soundfx accent='Arrington'>dipshit little company</soundfx> ???

That way lies madness...

We already do spam and malware filtering at both of those levels...how is this different? I'm not saying that seizure alone would be enough to intervene at these levels, but if Libya decided to hijack these links for nefarious purposes, then yeah, I don't have a problem with it.

Yeah, if Libya went down the "nefarious purposes" path, we should probably filter at the browser level.

But think down the path you'd need to go if you chose to block bit.ly at the DNS level... Right now, IANA's root name servers delegate all .ly requests to name servers under Libya's control. I'm pretty sure there's no mechanism in place for the root servers to change that to "send all .ly requests to Libya _except for_ bit.ly requests, and serve them ourselves or send them elsewhere", and in my opinion there _shouldn't_ be any such mechanism because of the potential for abuse at government levels - would you want the Chinese government to know IANA has the ability to redirect traffic from domains they don't like?

So the _other_ alternative seems to be to have IANA refer all .ly requests to a new tld authority. Same problem - if you do that once, especially if you do it just to protect a company's profits/business model, how do you refuse a request from China to assume control of all of Tibet's tld?

Suggesting DNS level changes for bit.ly seems to me to open a whole can of very ugly worms...

I was thinking more of things like OpenDNS and Google Public DNS, which I believe do malware filtering. I could be mistaken, though...this definitely isn't my area of expertise.