When people dont understand recursion

While drinking my coffee, I stumbled over http://www.longurlplease.com/ on Golem.de (sorry, it's German).

They say, that when you get a shortened URL, you

  • have no idea where it links to
  • are unaware you've been there
  • may secretly linked to yucky websites

That sounds correct, esp with the "funny" "new" ideas of the German government about blocking sites with 'Kinder"pornographie"' (sorry for the German again, and for the multi-quotes, but they say I have to call it like this...) and recording those who try to access such sites.

Anyways, that great service over at longurlplease.com will make the world a safer place:
  • You see you've been there before
  • Tell it links to youtube
  • More information before you click

(the lists are copied from their site, without care about proper rewording for my context)

Sounds great, huh? And they even support 65 different shorturl services. But lets see how they support the same service twice in a row (should be easy too, right?).

  1. Go to http://tinyurl.com/
  2. Create a shorturl for http://gpl.imageafter.com/ (= http://tinyurl.com/oae8sx)
  3. Go to http://tinyurl.com/
  4. Create a shorturl for http://tinyurl.com/oae8sx (= http://tinyurl.com/r6n74h)
  5. Ask the longurlplease.com API about http://tinyurl.com/r6n74h (curl "http://www.longurlplease.com/api/v1.1?q=http://tinyurl.com/r6n74h")
  6. See {"http:\/\/tinyurl.com\/r6n74h": "http:\/\/tinyurl.com\/oae8sx"} as result
  7. Laugh and spread double-shortened Rick-Rolls (people will love you!)

That makes the whole service somehow useless, as you gain exactly nothing, and tell longurlplease.com about each shorturl that comes to your browser (if you have the Firefox plugin installed).

On the other hand, the creator could easily add a recursive resolver, but I bet he (or she? or they?) won't do that, when one does not want the service to die completely in a endless loop (I don't have a black hat, neither I have a white one - I actually don't like hats at all, but it should be possible to construct some funny redirection loops with such services).

It seems tinyurl.com was intelligent and changed that behaviour now:
Error: TinyURL redirects to a TinyURL.
The URL you followed redirects back to a TinyURL and therefore we can't directly send you to the site. The URL it redirects to is http://tinyurl.com/oae8sx.

But one still can fake this:
http://ow.ly/9Arf -> http://tinyurl.com/oae8sx -> http://gpl.imageafter.com/