by MajimasEyepatch 314 days ago
It may help prevent linkjacking. If an old URL no longer works, but the goo.gl link is still available, it's possible that someone could take over the URL and use it for malicious purposes. Consider a scenario like this:

1. Years ago, Acme Corp sets up an FAQ page and creates a goo.gl link to the FAQ.

2. Acme goes out of business. They take the website down, but the goo.gl link is still accessible on some old third-party content, like social media posts.

3. Eventually, the domain registration lapses, and a bad actor takes over the domain.

4. Someone stumbles across a goo.gl link in a Reddit thread from a decade ago and clicks it. Instead of going to Acme, they now go to a malicious site full of malware.

With the new policy, if enough time has passed without anyone clicking on the link, then Google will deactivate it, and the user in step 4 would now get a 404 from Google instead.

1 comments

In this little story, what's the difference if the direct ACME URL was used? What does the goo.gl indirection have to do with anything?
Goo.gl was a terrible idea in the first place because it lends Google's apparent legitimacy (in the eyes of the average "noob") to unmoderated content that could be malicious. That's probably why they at least stopped allowing new ones to be made. By allowing old ones, they can't rule out the Google brand being used to scam and phish.

e.g. Imagine SMS or email saying "We've received your request to delete your Google account effective (insert 1 hour's time). To cancel your request, just click here and log into your account: https://goo.gl/ASDFjkl"

This was a very popular strategy for phishing and it's still possible if you can find old links that go to hosts that are NXDOMAIN and unregistered, of which there are no doubt millions.

Yeah, I'm pretty sure this is the main reason Google is shutting the service down. They don't want their brand tainted by phishing attempts.
This reputational risk argument makes sense. The post I was replying to seemed to be making a flawed argument about capabilities.
Only insofar as Google might wish to prevent it since their brand was on the shortened url you clicked to get there. And people not having malware is surely good for Google indirectly.

Presumably ACME used the link shortener because they wanted to put the shortened link somewhere, so someone's going to click things like these. If Google can just delete a lot of it, why not?

As the others have mentioned, the goo.gl step isn't necessary for linkjacking, but it is a reputational risk for Google.