Referrer Cloaking in URL shortener

A couple of days ago I wrote about my little trick to spy on bit.ly links, which Johnathan Volk later picked up for an April Fool’s joke with a kernel of truth in it.

There are alternatives to Bit.ly, but this one from a commenter caught my eye: Referrer.us does URL shortening and cloaking with sugar on top. That sugar can be as mellow as hiding the referrer or as naughty as faking it. The service looks full-featured and largely free. Nice.

I do see a practical use for Referrer.us – Still, I have to say some of the black-hat folks and services I’ve seen go paranoid overboard in a big way. I accidentally scratched the surface of how Russian black-hatters move money around and it was freaking mad – encryption out the wazoo, multiple layers of e-gold and other virtual currencies with crazy names and crazy account and exchange schemes. I was trying to fund an account for a stupid service and finally gave up – It was nuts – It looked like I was about to launch an ICBM instead of spend $20 on a service.

Its easy for a tech person to see all the holes and try to cover them up with technology – and it is also easy for the tech person to get lost in the details and lose sight of the goal – Unless you’ve got a swarm of determined hackers banging down your virtual doors, meet the challenge with the minimal amount of effort needed to accomplish the task and keep going… Security is relative, and never absolute – The best plan is to prepare for damage control, containment of the disaster, and quick recovery since you really can’t stop a determined hacker.