Stop clicking random short URL links

By Jerry Hildenbrand
last updated

I've been ranting about this all week, so I'm taking a few minutes to blog about it here. Hopefully it does a little bit of good.

By now, everyone knows that OMG clicking a link can maybe reset your Samsung phone and erase all your data!!!11!! Unfortunately, it's true for a good many phones out there, including about a jillion Galaxy S2 models. Like mine. While I'm the first to say that OEMs need to get off their ass and patch the phone of every user in the world that still has a contract or is under warranty, I also know that in the end, it's us -- the users -- that are responsible for our own security. 

For some, like me and many of you, that means getting out the data cable, giving the OEM and their jacked version of Android the finger and flashing a custom ROM that fixes bugs and exploits. There are plenty of AOSP builds already made for my Galaxy S2, and I'll be flashing at least one of them this evening. But some of us can't (or just don't want to) hack things up and deal with different bugs on unofficial firmware. That's cool, too. Not everyone is an idiot who likes to break willing to hack their expensive phone. That means you get to sit and wait for a patch that may never come. What can you do?

Here's a quick and dirty suggestion that will cut down on over 9,000-percent (totally made up figure) of exploits. 

Stop clicking random short URL links from people you don't know or trust. Stop. 

How easy is it to hide a link to something disgusting, unsafe, or illegal inside a short link? Way too easy. Head to www.goo.gl and follow the instructions. And that's just one of many URL shorteners out there. In fact, if you're wanting to make a short link to a script or other bit of evil that legit URL shorteners have blocked, a cheap GoDaddy website and a bit of Googling can help you make your own. Then you can hide all sorts of nefarious shit in plain sight.

Knowing this, the next time you get a random text message, or @reply on Twitter, or Google+ spam, or Facebook spam (and this could go on forever), don't click the damn thing. Delete it. Maybe even report it. Reply to it that you think the sender is a douchebag. Do anything but click it. Only trust people you know you should trust. You can trust your bank. You can trust your church. You can trust us. You can't trust 86114 or the Prince of Nigeria.

By only clicking short links from people you trust, you'll have a pretty good idea where they are sending you is something that won't break your phone. Or if it does, you know who to kick in the balls for it afterwards.

Jerry Hildenbrand
Jerry Hildenbrand
Senior Editor — Google Ecosystem

Jerry is an amateur woodworker and struggling shade tree mechanic. There's nothing he can't take apart, but many things he can't reassemble. You'll find him writing and speaking his loud opinion on Android Central and occasionally on Twitter.

33 Comments
  • +1000000000000.
  • https://www.youtube.com/watch?v=QH2-TGUlwu4&feature=youtu.be
  • I'm so tempted to click on that.
  • Worth it.
  • Awesome
  • It's a Rick roll isn't it?
  • Not a rick roll.
  • The wisdom of Jerry strikes again. Thanks!
  • LOL Wow Jerry, you weren't kidding when you said this bothered you. :)
  • Six paragraphs deep I was thinking, "smartest editor on AC, how'd the others get jobs?". Then I reached the seventh paragraph and realized I was wrong. Good writeup though, spelling is good, grammar... more than I can say about the other "editors". Of course, other reader's opinions may vary.
  • Yeah!!! I can be trusted!
  • LOL
  • Nice, Jerry! And now I actually have a good reason to hate short links... Before I just hated them for the same reason I hate "chat/text speech", because it looks like people are being lazy. I'll take my 6 paragraph link anyday! :D
  • I got here from a shortened link...
  • Hey Don't Bad Mouth The Prince, He It's A Stand Up Guy. He It's Sending Me Money To Help Him With A Recent Death I His Family.
  • But how does one know the message is truly from whom it claims? Ah the web of mistrust.
  • http://m.youtube.com/#/watch?v=AHLnv--a9kA&desktop_uri=3Fv%3DAH...
  • I hate people who use short links.
  • https://www.youtube.com/watch?v=e9n9iR7iJNE
  • for those that love their short links, use a website like unshort.me/ or unshorten.com/ and see where it's sending you
  • No f'ing sh*t... :-) The whole concept has screamed "hack me" for years... Who ever thought this was a good idea? ( except for the hackers, of course) If you can't show me a real Link, I don't need to see what you're hawking... B' Bye :-)
  • I swear I've seen AC employees use those url shorteners.
  • Whoa, whoa, whoa, WHOA! I can't trust the Prince of Nigeria?! What has this world come to???
  • Jerry rules
  • I can understand you're all heated about this but instead of all your dirty language why don't you just explain it like a normal person. Jeez. All the cursing is unnecessary.
  • So Jerry, which ROM are you installing on your S2?
  • Damn god article Jerry. One observation. Jerry does such a good job of saying the dangers of trusting strangers but then saying you "can trust us" meaning Android Central I realized something. This was how Jerry got women back in the day. Tell them how you should trust the athlete but that he's their friend and you can trust him. SCORE!! Jokes..fellas....jokes.
  • Its a stupid bug, but thankfully its easy to fix.
    On this page they have links to some apps you can install which will catch evil messages for you: http://dylanreeve.posterous.com/remote-ussd-attack (check it on a PC first if you are scared ;)
  • Awesome writeup but tell us how you really feel lol... Personally people who click on everything just annoy me.. I have never had a virus/malware ever and have been using computers since the 286!
  • www.unshorten.com
    unshort.me If you really have to know, but don't want to click.
  • I can see that Lookout has now inserted itself with a "scan before dialing" option (that can also be set as default) on my GS2. I assume that's in response to this problem? I also have another dialer installed and none set as default, so just having the the request prompt showing up should also block any sneaky, automated dialing codes.
  • https://addons.mozilla.org/en-us/firefox/addon/unshortenit/
  • Do not underestimate ball kicking as remedial action. Look what happened when tar and feathers went out of fashion.