Gov 2.0 Leadership » Alan W. Silberberg » Gov 2.0 and the Short problem.
Gov 2.0 and the Short problem.

There is a huge amount of news pouring out of the middle east right now. Oil prices are shooting up. The “stable” countries in the area are eyeing their “unstable” neighbors quite warily and there is tremendous unease in general.

One of the by-products of the strife, conflict and chaos occurring in the Middle East has been a laser like focus on the role that social media has been playing in the drama unfolding daily in a new country, almost country by country. One facet that has made social media have the impact it has had is the shortness of messaging allowed by services like Twitter and now Facebook as well as other sharing sites.

As anyone who has used Twitter more than once knows, the easiest way to submit a long link (url-uniform resource locator) is to shorten the link using anyone of other popular shorteners available for free and in paid versions. If you use a client like tweetdeck, the odds are you use a shortener powered by something ending with .ly (the extension) When you shorten, you cloak the real url, and re-direct the user to another – which in itself is a recipe for disaster. When you add in executable code that can be like a payload – with ddos, malware or other problematic attacks embedded. Your computer could turn it on without you even knowing, simply through the act of the redirect itself.

(Now I am about to say some things that will get some people annoyed so a disclaimer of sorts: I am not attacking any company nor service with the .ly extensions. Rather I am asking some questions in the hopes of helping to create some constructive answers and help allay some fears in the user base.)

This is an even huger problem as the .ly extensions are clearly and most definitely controlled by Libya. It is up to the Government of Libya to approve, deny or block content and users of .ly extensions according to both Islamic law and Libyan law. Libya is violently cracking down on it’s citizens and is using threats of and actually shutting down the internet. Why should Western companies think they are going to stay away from these troubles?

So not only is there a threat of shutdown – there is the more pernicious problem of the potential abuse of any redirect necessitated in any shortener program. These shorteners start executable code on your computer to do the re-direct. You don’t always know where you are being sent. Recently the Isreali government demonstrated that DDOS and other malicious code can be inserted into the backend of shorteners, a stern warning any government should be paying attention to. The United States Government recently issued it’s own shortener, based on Bit.ly professional (paid) version with some changes to the T.O.S. and other things. They have a secondary company supporting this. To the credit of the GSA, when I inquired through a tweet about the use of .ly shorteners with regard to Government agencies and the current crisis, I got a real response within minutes showing Gov 2.0 in use. However I seriously question the reliance on a company that is in turn relying on an extension controlled by a brutal dictatorship with no regard to human rights let alone western corporate rights. There are other shortener companies that do not rely on the .ly extensions. Why create a potential back door for mischief? I talked to many federal workers today, and received many emails and direct messages with varying degrees of use/non-use of the .ly extensions.  One thing became very clear. In this age of Gov 2.0 and Web 2.0 - we need to be careful to guard against the rush of technology leading to rash decision making.

There has been a spate of recent stories  about the problems with shorteners in general, and .ly extensions  specfically, long before the current problems heated up.  So I would suggest to the U.S. Government, and to other Governments, that they look seriously at using non .ly related shorteners, and come up with a way to take the mischief component out of the equation, in a bid to make the internet a safer place while still keeping the immediacy of the message intact.

Follow up:

Bit.ly has issued some statements on Quora as well as it’s own website with regard to the status of the .ly extensions. There still seems to be confusion over what would happen with a full shutdown, as there is a 28 day report period after which Icann will not take further information from a non addressing extension. At the same time, there are multiple hosting points, and of the 5 for .ly only 2 are in Libya. So while this provides some clarity – it does not address the payload issue, or why the shortener industry decided to rely on .ly extensions which still fall under the Islamic/Libyan law situation I laid out above.


30 Comments (Leave a Reply)

  1. Kimberley Hohenadel (April 7, 2011)

    RT @craigstoltz: Did you know that .ly link shorterners are routed through Libya? Gov 2.0ers take note. See http://tinyurl.com/4tpxeza

  2. Ron Davis (March 13, 2011)

    Gov 2.0 and the Short problem. http://t.co/uPLjode via @Ideagov Could we be being watched by our own enemies, and not even know it?

  3. Gov20LA (March 5, 2011)

    RT @webtechman: Gov 2.0 & the Short problem http://goo.gl/zcNbC RT @IdeaGov @vargasgirlred @kierobar

  4. vargasgirlred (March 5, 2011)

    RT @alanwsilberberg: RT @kierobar: Gov 2.0 and the Short problem. http://t.co/rrcsSMo #libya #gov20 #security

  5. Alan W Silberberg (March 5, 2011)

    RT @kierobar: Gov 2.0 and the Short problem. http://t.co/rrcsSMo #libya #gov20 #security

  6. Kieran Barr (March 5, 2011)

    RT @IdeaGov: Gov 2.0 and the Short problem. http://t.co/rrcsSMo #libya #gov20 #security

  7. gov2feed (March 5, 2011)

    RT @IdeaGov: RT @rwang0: RT @IdeaGov: Gov 2.0 and the Short problem. http://bit.ly/dK4dK2 #libya #gov20 #security http://bit.ly/fkxa7i

  8. newspyre (March 5, 2011)

    rt @ideagov: Gov 2.0 and the Short problem. http://t.co/rrcsSMo #libya #gov20 #security

  9. Paul Papadimitriou (March 5, 2011)

    RT @IdeaGov: Gov 2.0 and the Short problem. http://t.co/rrcsSMo #libya #gov20 #security

  10. Alan W Silberberg (February 25, 2011)

    Government 2.0 and Short problem. http://t.co/rrcsSMo Updated w facts from @bitly's CEO on #Quora #libya #gov20 #smem

  11. enrique saldivar (February 25, 2011)

    RT @alanwsilberberg: Government 2.0 and Short problem. http://t.co/rrcsSMo via @Ideagov Updated w facts from @bitly's @Borthwick #libya …

  12. Aaron McGowan (February 25, 2011)

    RT @alanwsilberberg: Government 2.0 and Short problem. http://t.co/rrcsSMo via @Ideagov Updated w facts from @bitly's @Borthwick #libya …

  13. Alan W Silberberg (February 25, 2011)

    Government 2.0 and Short problem. http://t.co/rrcsSMo via @Ideagov Updated w facts from @bitly's @Borthwick #libya #gov20 #smem

  14. Susan Hess (February 25, 2011)

    RT @alanwsilberberg: RT @YoungLatinoNtwk: Gov 2.0 and the Short problem. http://t.co/fjsQLnA via @Ideagov < makes you really re-think …

  15. Alan W Silberberg (February 25, 2011)

    RT @YoungLatinoNtwk: Gov 2.0 and the Short problem. http://t.co/fjsQLnA via @Ideagov < makes you really re-think if you want to use bit.ly

  16. Jose Feliciano Jr. (February 25, 2011)

    Gov 2.0 and the Short problem. http://t.co/fjsQLnA via @Ideagov < makes you really re-think if you want to use bit.ly

  17. Jamie Clark (February 24, 2011)

    Alan, fair question; I wondered too, and asked Hilary Mason at bit.ly, got this answer: http://j.mp/h06N61 (links to Quora). Of course any single-source service has risks; and some archivists and semantic web folks disagree with any modification of URLs.

  18. nmshaw (February 23, 2011)

    RT @craigstoltz: Did you know that .ly link shorterners are routed through Libya? Gov 2.0ers take note. See http://tinyurl.com/4tpxeza

  19. Felice J. Freyer (February 23, 2011)

    RT @brianreid As bit.ly user, food for thought: RT @craigstoltz: .ly link shorteners are routed through Libya: http://tinyurl.com/4tpxeza

  20. Brian Reid (February 23, 2011)

    As a bit.ly user, food for thought: RT @craigstoltz: .ly link shorterners are routed through Libya: http://tinyurl.com/4tpxeza

  21. Alan W Silberberg (February 23, 2011)

    RT @ajbowles: RT @IdeaGov: "Gov 2.0 and the Short problem" http://tinyurl.com/Gov20shorts #security #cyber #egov #analyst #constellation

  22. Nicholas Garlow (February 23, 2011)

    RT @craigstoltz: Did you know that .ly link shorterners are routed through Libya? Gov 2.0ers take note. See http://tinyurl.com/4tpxeza

  23. Craig Stoltz (February 23, 2011)

    Did you know that .ly link shorterners are routed through Libya? Gov 2.0ers take note. See http://tinyurl.com/4tpxeza

  24. scott reuter (February 23, 2011)

    RT @CasperJohansen: @IdeaGov hmm, hadn't thought about .ly extension + associated content being controlled by Libya. http://bit.ly/g7aX0O

  25. amcgowanca (February 23, 2011)

    RT @alanwsilberberg: "Gov 2.0 and the Short problem" http://tinyurl.com/Gov20Short #gov20 #cyber #ogov #analyst

  26. Alan W Silberberg (February 23, 2011)

    "Gov 2.0 and the Short problem" http://tinyurl.com/Gov20Short #gov20 #cyber #ogov #analyst

  27. Casper Johansen (February 23, 2011)

    RT @IdeaGov hmm, hadn't thought about .ly extension and associated content being controlled by Libya.. hmm… http://bit.ly/g7aX0O

  28. Gov20LA (February 23, 2011)

    RT @IdeaGov: Gov 2.0 and the short problem. http://t.co/wklPTrb #gov20 #gov20la #in

  29. Susan Hess (February 23, 2011)

    RT @alanwsilberberg: "Gov 2.0 and the Short problem" http://tinyurl.com/Gov20Short #gov20 #cyber #gov #egov

  30. Alan W Silberberg (February 23, 2011)

    "Gov 2.0 and the Short problem" http://tinyurl.com/Gov20Short #gov20 #cyber #gov #egov



Leave a Reply

Name
(* required)
Email Address
( * required - will not be published)
Web Site
Comment
(* required)