Visit
Visit

In a new paper published today, Professor Vitaly Shmatikov demonstrated how hackers can find out intimate information through shortened URLs, WIRED reports.

FOR ANYONE WITH minimalist tastes or an inability to use copy-paste keyboard shortcuts, URL shorteners may seem like a perfectly helpful convenience. Unfortunately, the same tools that turn long web addresses into a few characters also offer the same conveniences to hackers—including any of them motivated enough to try millions of shortened URLs until they hit on the one you thought was private.

That’s the lesson for companies including Google, Microsoft, and Bit.ly in a paper published today by researchers at Cornell Tech. The researchers’ work demonstrates the unexpected privacy-invasive potential of “brute-forcing” shortened URLs: By guessing at shortened URLs until they found working ones, the researchers say that they could have pulled off tricks ranging from spreading malware on unwitting victims’ computers via Microsoft’s cloud storage service to finding out who requested Google Maps directions to abortion providers or drug addiction treatment facilities.

 Read the full article on WIRED.

< Back to News

Media Highlights

Bloomberg Law

Ripple Ruling Blurs Definition of Cryptocurrencies as Securities

Mental Daily

Study Takes A Closer Look At NYPD Patrol Patterns Using Dashcam Footage

Tech Policy Press

Content Moderation, Encryption, and the Law

Princeton University

Tech Expert Arvind Narayanan Takes the Helm at Princeton Center for Information Technology Policy

Marktechpost

A New AI Research from Stanford, Cornell, and Oxford Introduces a Generative Model that Discovers Object Intrinsics from Just a Few Instances in a Single Image

RELATED STORIES