They can make long URLs shorter and easier to share on social media, printed materials, and messages.
However, from the perspective of anonymity, shortened URLs require caution.
Shortened URLs make it harder to tell the final destination from their appearance. In addition, relay logs, click measurement, redirects, and tracking parameters from shortened URL services may be involved.
"Short" does not mean "safe."
Rather, there is information that becomes hidden because the URL has been shortened.
This article organizes how shortened URLs and redirects relate to anonymity and what to check before sharing them.
What Is a Shortened URL?
A shortened URL is a mechanism that replaces a long URL with a different, shorter URL.
When a user opens a shortened URL, they first access the shortened URL service and are then forwarded to the original URL.
This forwarding is called a redirect.
Stage
What happens
Point to watch for anonymity
1
Click the shortened URL
First connects to the shortened URL service
2
The shortened URL service logs or evaluates
Click time, IP address, User-Agent, and similar information may be recorded
3
Forward to the original URL
The final destination opens
4
The destination site processes it
Access logs and URL parameters also reach the destination
In other words, when you use a shortened URL, not only the destination site but also the shortened URL service becomes a relay point in the communication.
This point matters.
What Becomes Harder to See With Shortened URLs
With a shortened URL, you cannot tell the final destination from its appearance.
It also becomes harder to tell before clicking what parameters are attached to the final URL.
What becomes hard to see
Why it is a problem
Final domain
It is hard to judge before clicking which site you will visit
URL parameters
UTM values, click IDs, and individual IDs are hidden
Number of redirects
The link may pass through multiple relays
Relay services
It is hard to know which operators observe the click
Being led to dangerous sites
Fake or suspicious sites are hard to judge from appearance alone
For anonymity, it is important to understand the destination yourself before opening it.
Shortened URLs make that judgment harder.
Information That May Remain With Shortened URL Services
Shortened URL services do not merely shorten strings.
Many shortened URL services can measure click counts, click sources, dates and times, device information, and similar data.
Information
Meaning
Caution for anonymity
Click time
When it was opened
Can be checked against posting times or behavior logs
IP address
Which network opened it
Whether or is used may also be visible
User-Agent
Browser and OS information
Becomes a characteristic of the usage environment
Referrer
Which page the user came from
The sharing location or traffic source may be visible
Click count
How many times it was opened
Can be used to infer distribution scope or interest
Not every shortened URL service stores the same logs.
However, when you use a shortened URL, it is certain that you are adding a third party other than the destination to the communication route.
For anonymity, increasing the number of parties you must trust matters in itself.
When Redirects Stack Up
Opening a shortened URL does not necessarily mean being forwarded only once.
When advertising, social media, email delivery, access analytics, affiliates, and similar systems are involved, the link may pass through multiple redirects.
Redirect problem
What happens
Multiple relay services
Each one may observe the click
Parameters are added along the way
Tracking IDs or campaign information may be attached
Destination changes by region or device
The destination you checked may differ from someone else's destination
Time-limited URL
It may behave differently when opened later
Malicious forwarding
It may lead to a fake site or dangerous file
When sharing a shortened URL, it may look like one link, but in practice it may pass through multiple services.
For that reason, in anonymous activity and pre-publication checks, avoid shortened URLs as much as possible, confirm the final URL, and share that instead.
Check Before Opening a Shortened URL
When you receive a shortened URL, there are situations where you should not open it immediately.
In particular, for anonymous activity, journalistic reporting, whistleblowing, activity-related communication, and pre-publication file transfer, avoid opening a link without checking its destination.
Check
Reason
Check the expanded destination
To know the final domain and URL
Avoid links from unknown senders
They may be fake sites or tracking links
Do not open it in a logged-in browser
To avoid connecting it with cookies or account state
Check in a separate environment if needed
To avoid exposing your usual device or browser information
Look at the final URL parameters
To check UTM, click IDs, token, and similar values
How to check the expanded destination differs depending on the service and browser environment.
If you enter a shortened URL into an online expansion service, that URL and information about your access source may be sent to the service. For high-risk links, do not enter them into external services; ask the sender for the official URL or check carefully in a separated environment.
When safety matters, it may be better not to force a click and instead ask the sender for the official URL.
When You Share a Shortened URL Yourself
When you share something anonymously, treat shortened URLs cautiously as a general rule.
If you use a shortened URL, information about the people who click it may gather on the shortened URL service side.
Also, from the recipient's point of view, the destination becomes harder to understand.
This relates not only to anonymity but also to the recipient's safety.
If you share one, check the following points.
Whether unnecessary tracking parameters remain in the final URL
Whether the shortened URL service has click analytics
Whether the recipient can judge the destination before clicking
Whether it is really necessary to use that shortened URL
Whether the long URL can be shared without problems
In anonymous activity, prioritize route clarity over visual shortness.
Do Not Judge by the Shortened URL Alone
Avoiding shortened URLs does not make you anonymous by itself.
If tracking parameters remain in the final URL, the problem remains.
If you are logged in to the destination, the access connects to the account.
If you open it in your usual browser, cookies and browser information are sent.
Even if you use a VPN or Tor, the information visible to the shortened URL service and destination changes, but tracking values in the URL itself do not disappear.
Checking shortened URLs is one part of URL tracking as a whole.
Summary
Shortened URLs are a convenient mechanism for making long URLs shorter.
However, from the perspective of anonymity, they make the final destination, URL parameters, relay services, and click logs harder to see.
When you open a shortened URL, not only the destination site but also the shortened URL service becomes a relay point in the communication.
For that reason, in anonymous activity and pre-publication checks, do not trust shortened URLs as-is. Check the expanded destination, redirects, parameters, and login state.
When sharing one yourself, also consider whether using a shortened URL is necessary.
A short URL is not necessarily a safe URL.
For anonymity, prioritize knowing the destination and the information that remains over shortness.
Related articles
URL tracking
Risks of Shortened URLs and Redirects
Shortened URLs can hide final destinations, parameters, redirect chains, and relay logs. Check destination, login state, and tracking values before sharing.