Crash Safari Follow-Up

It’s been a week since short links to crashsafari.com went viral, and Google has finally killed the most prevalent link (goo.gl/78uQHK).

Unknown request for 78uQHK.

More than three-quarters of a million clicks were made before the short link was disabled for violating Google’s Terms of Service.

This shortlink has been disabled.

But… other short links are still active. Though clicks are definitely on the decline.

Analytics for Vj7Eep.

Why are any of them still active? What is it about these viral links that might delay them from being disabled? Let’s take a closer look at the referrers.

Referrers for Vj7Eep.

Approximately 80% of the clicks are from “unknown” sources, the majority of clicks stripped the referrer. In this case unknown source very likely represents private messaging apps such as iMessage and WhatsApp. Both apps encrypt conversations from end-to-end.

And that means there’s nobody-in-the-middle to filter out bad links.

There is no iMessage client-side filter, and so there’s no opportunity to put automation in place which would automatically report abusive links to the appropriate short link service. And apparently, manual processes take about a week for Apple. Fortunately, crashsafari.com was only being shared as a prank.

The takeaway? Services such as Facebook and Twitter have visibility and thus the potential to curtail threats – but private messaging apps have a weak spot. Choose your friends carefully.

Let’s just hope that next time the would-be prank isn’t a worm waiting in the wings.



Articles with similar Tags