A Bit More Detail

Assorted Personal Notations, Essays, and Other Jottings

[LINK] “Dead.ly url’s and authoritarian social network tracking”

ZDNet’s Oliver Marks expresses a certain amount of concern with the link-shortening service bit.ly, something I regularly use to make compact complete posts over at my Twitter account. Is it a good idea to let link-shortening services index people’s patterns of Internet use?

The escalating unrest in North Africa and other parts of the world continues to make us wonder about the fundamental levers of control of the entire internet, and its uses for mass interactions and broadcasts.

Bit.ly, the uniform resource locator (web site url address) shortener widely used by marketers and Twitter users, relies on .ly, the Internet country code top-level domain (ccTLD) for Libya and it’s still far from clear who ultimately controls the off switch for those domains. More importantly, my Constellation Research Group colleague Alan Silberberg ruffled feathers and forced focus within US government circles last week by pointing out that their use of bit.ly isn’t consistent with expected security levels – from his blog on Huffington Post:

…I talked to many federal workers today, and received many emails and direct messages with varying degrees of use/non-use of the .ly extensions. One thing became very clear. In this age of Gov 2.0 and Web 2.0 – we need to be careful to guard against the rush of technology leading to rash decision making.

….The United States Government recently issued its own shortener, based on Bit.ly professional (paid) version with some changes to the T.O.S. and other things. They have a secondary company supporting this. To the credit of the GSA, when I inquired through a tweet about the use of .ly shorteners with regard to Government agencies and the current crisis, I got a real response within minutes showing Gov 2.0 in use. However I seriously question the reliance on a company that is in turn relying on an extension controlled by a brutal dictatorship with no regard to human rights let alone western corporate rights. There are other shortener companies that do not rely on the .ly extensions. Why create a potential back door for mischief?

…there is the more pernicious problem of the potential abuse of any redirect necessitated in any shortener program. These shorteners start executable code on your computer to do the re-direct. You don’t always know where you are being sent. Recently the Israeli government demonstrated that DDOS and other malicious code can be inserted into the backend of shorteners, a stern warning any government should be paying attention to.

These are serious domestic US security concerns, the result of reliance on the top level domain of a very unstable sovereign state. According to Bit.ly they have five root nameservers for the .ly ccTLD: two in Oregon, one in the Netherlands and two in Libya.

The Oregon and Netherlands servers are presumably reliant on obtaining updates from the .LY registry inside Libya. If they can’t, at some point they will consider the data they have stale/obsolete and stop providing information on the .LY domain. If the Libyan registry is cut off the internet the availability of .LY domains would be compromised somewhere between 0 and 28 days, with inconsistencies increasing as attempts to ‘phone home’ to the Libyan TLD servers got no response.
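
The staleness window described in the quoted passage can be worked through with a short simulation. This is an added example, not code from the quoted article or from this post. It assumes the 28-day upper bound is the zone's SOA expire timer (the page does not give the SOA values), and the server labels and refresh ages are constructed.

```python
from dataclasses import dataclass

DAY = 86400
HOUR = 3600

# Assumption: the quoted "28 days" is the zone's SOA EXPIRE value.
SOA_EXPIRE = 28 * DAY


@dataclass
class Secondary:
    name: str              # hypothetical label, not a real nameserver name
    last_refresh_age: int  # seconds between last good zone refresh and the cut-off


# Constructed sample: three off-shore secondaries that last reached the
# registry at different times before it dropped off the network.
SAMPLE = [
    Secondary("oregon-1", 1 * HOUR),
    Secondary("oregon-2", 3 * DAY),
    Secondary("netherlands-1", 10 * DAY),
]


def seconds_until_expiry(sec, soa_expire=SOA_EXPIRE):
    """Under SOA semantics (RFC 1035) a secondary stops treating its copy as
    authoritative once EXPIRE seconds have passed since its last good refresh."""
    return max(0, soa_expire - sec.last_refresh_age)


def answering_at(secondaries, t, soa_expire=SOA_EXPIRE):
    """Names of secondaries still serving the zone t seconds after the cut-off."""
    return [s.name for s in secondaries if t < seconds_until_expiry(s, soa_expire)]


def degradation_window(secondaries, soa_expire=SOA_EXPIRE):
    """(first, last) expiry in seconds after the cut-off. Between the two,
    answers depend on which server a resolver happens to query."""
    times = [seconds_until_expiry(s, soa_expire) for s in secondaries]
    return min(times), max(times)


if __name__ == "__main__":
    first, last = degradation_window(SAMPLE)
    print(f"first secondary expires after {first / DAY:.1f} days")
    print(f"last secondary expires after {last / DAY:.1f} days")
    for day in (0, 18, 20, 28):
        print(day, answering_at(SAMPLE, day * DAY))
```

An operator depending on such a domain can watch the SOA serial reported by each secondary: a serial that stops advancing on every server at once is the early sign that the expiry clock has started.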

The final sentences caught my attention: “Being whacked on the head with a truncheon as you struggle to keep up with events on your mobile device in a fast moving crowd seems closer to Morozov’s rather dismal cautions of an Orwellian future than to Clay Shirky’s more Huxley like ‘Here Comes Everybody’ round up of popular perspectives on ochlocracy …especially when you think that events are being recorded for posterity on closed circuit cameras and filed away in bit.ly like activity tracking systems…”

Go, read.

Written by Randy McDonald

February 28, 2011 at 8:30 pm
