A very interesting article has been published recently: Gone in Six Characters: Short URLs Considered Harmful for Cloud Services by Martin Georgiev and Vitaly Shmatikov. The authors studied URL shorteners like those embedded in popular cloud services like Microsoft OneDrive or Google Maps. They demonstrated that such short URLs can be scanned using brute force and discover sensitive information.
What does that mean for us who need to collaborate?
When you share a link with a URL shortener to information you might consider sensitive, keep two things in mind:
- Everyone who knows the link has access to that information. Security through obscurity is the only protection (true for any links you share).
- Others might try the same like the authors and discover your document.
Hence, try to avoid this type of collaboration. However, we know that sometimes you cannot avoid it. In that case it is probably better to avoid the usage of URL shorteners, especially when you don’t know how long the link will stay active.