I wonder why Google is reusing the Firebase brand so much? It doesn't really fit with messaging (GCM -> FCM) or links, among other functions. Seems like an odd choice, even if the backend infrastructure/team is the same.
Reminds me of Microsoft reusing "Surface", or prepending "Live" to everything once upon a time...
Firebase is their Mobile-Backend-as-a-Service brand.
The product they're driving customers to, Firebase Dynamic Links, is not really a web URL shortener, but more of a bridge between URLs and in-app links. In this light, it makes sense.
As someone who is a heavy Firebase user and a huge fan, it reassures me that Google has so much confidence in the Firebase platform. When you think about it, Firebase is just a friendly wrapper around Google Cloud, pretty much every Firebase feature is just UI sugar over Google Cloud Functions, Google Cloud Hosting and so on.
While Google pushes its mobile functionality and features first and foremost, Firebase is an invaluable web platform for both native and web, sans a couple of features like Remote Config.
I think Firebase is one of the best things to happen to my development workflow in a long time, invaluable for things like MVP's, etc.
I don't know about the "messaging" one... of the big use cases for Firebase was just to send push notifications for numerous channels, and the tech came literally from usage in a chat system (then called Envolve). I haven't looked at this new URL shortener thing yet, though.
You can build your own private URL shortener with AWS Lambda, for a dozen cents a month [0]. I've made some modification to it so that it supports customized short name, but the changes are trivial to implement. You could (should?) also probably consider a short domain name to pair with it, but those are also cheap ($10/yr, perhaps depend on the TLD).
With Google Or Twitter, at least, they have some semblance of permanence, but with everyone hosting their own private shortener, will just lead to madness.
At it's core, this URL shortener is just S3 redirect objects [0], behind a cloudfront CDN. So by "fast", you probably mean one of these things:
1) User clicking on a URL: the latency of this action is mostly determined by the latency of cloudfront, which is pretty fast [1]. (Except in the case of a first-click when cloudfront has to do a pull from S3, which is also not bad [1])
2) Creation of a new short URL: this action is the execution of a lambda function, which in my experience is ~1s in cold-start scenarios, and near instant otherwise.
Total guess here: In addition to having two products that do the same thing, I'm guessing they may want to distance themselves from goo.gl links since a shortened URL with that domain somehow seems associated with Google and seems more legit (as opposed to, say, a bit.ly or ow.ly link.)
Interesting guess. Google does have a URL shortener for google "official" URLs under the g.co domain. And the goo.gl does get used for certain attacks sometimes.
In regards to the shortener replacement, it might be nice for app developers, but as a user, I loathe when a link that can go to a website tries to bring me to the app install. I don't want to install your likely crappy, less featurefull app.
Google should give the whole dump of the redirects to the Internet Archive (or at least stop banning their crawlers) https://archive.org/details/301works
> Being security conscious, I hovered over the link and suspected a phishing attack.
> Given I work in finance, this was the only prudent move I felt I had.
At my place of employment, we are instructed to "hover to uncover" every link in an e-mail. Yet every link I get from virtually any automated source reads something like this:
"To accomplish the task you need to accomplish, simply visit us at h t t p s: / / example dot com / some / simple.url.html"
Yet the ACTUAL link is: "h t t p : / / linktracker9 . unrelatedentity4 . subdomain . example dot io / asdflkjawsfq3894gfjwerfgouiewjngwskuvhawesri7gfhwe4i7fghwefv / qwerog9f8weh8w4fhw98ry2938hwf?utm_lol=hahaha&utm_more=roflcopter&utm_howabsolutelylongcanwemakethislink=shadyb1zn3zz&phishing=no&itscool=thisis_definitely_not_phishing&utm_feed=buzz"
I understand, but do not accept, why every link sending program on the planet insists on doing this. It is broken and wrong.
I can't even see the real link because our anti-spam software rewrites every single one (so they all look like https://somesubdomain.mimecast.com/linkcheck?something=as8fg...). Even more annoying it loads the URL before you even get to it, so single use URL's like Salesforce password resets get burned before you can use them (we finally got this fixed with our old Proofpoint setup that did the same nonsense, I haven't pestered them to fix it with Mimecast yet).
You've just given me an interesting idea for an extension to HTML itself - an anchor tag / link type where the text displayed can and must only be equal to the href value of the link. Additionally, any rendering client could render such a link with a special visual cue, perhaps, to help the user understand that the visible link text should equal the link href value and only the link href value.
Could just be, maybe you could make an anchor tag which is like, <a href="http://www.google.com"> without a closing tag, and browsers know to render that where the text displayed equals the value of the href. Additionally, clients could detect such links and give them a visual cue to indicate they are "safe(r)" relatively speaking?
What is the point of that? The vast majority of people don't care about URLs, which is why they don't check it when browsing and why we have links and buttons in the first place. That also doesn't solve anything regarding URL redirects.
It seems you're attempting to solve a spam/security issue through a presentation layer, which really works, especially when it's opt-in to a new HTML standard.
All major client clients already do some form of link scanning, including robots to visit the links themselves. This also feeds into their spam scores and can retroactively block certain links when wrapping it in their own redirects.
What if the page tries to position another element over the link? If you just say that the safe-link has the highest z-index, then you'll have plenty of awkward cases where it shows through stuff like sticky navbars/headings or dropdowns that happen to be opened over them. And what would the browsers do to show those links specially? Could a webpage do the same around their own links?
I guess I was thinking, browser vendors and clients that care are already taking measures to inform users if the URL they are browsing is safe / secure (HTTPS enabled UI for example) - I was just trying to think of some way for the HTML source itself to indicate "hey, the value of the href of this link should be exactly 'X', and a user can see that relatively easily, and if for any reason it is NOT 'X' then the link should not be trusted". I mean, the clients could also take active measures to block such links as well... if the "href" is not the same as the expected value for the href (or if it changes), then the client disables the link automatically.
I don't think one would use the "safe-links" I described everywhere (like, not in places where they would bleed through). I think they might be a special use case, maybe for emails and clients that are rendering more document oriented HTML as opposed to web-site/web application type HTML, although browsers could certainly render them.
Of course, those clients would have to be trustworthy too.
I suppose rather than showing any visual cues that the link is enabled, clients could just validate that...
if they see a link like this (without text or an ending anchor tag) ->
<a href="http://www.google.com">
then the one and ONLY action the link can take is to navigate to the precise href specified, and it would only render the text of the href as the content of the anchor tag.
So maybe a visual cue is not even needed - just enforcement by trustworthy clients.
The things they're announcing here are a turndown of support for creating new goo.gl links and a more flexible but slightly differently focused replacement, both without breaking existing links.
Your comment is a general one that, while entirely valid, applies to all URL shorteners. How is that somehow different in the case of Google's shortener or this transition?
Because it’s a different domain. I expect google app links to go to something that looks like google (or goo.gl, etc), not something totally different that I am not knowledgeable is part of google.
This change isn't about what Google apps do. Indeed I wouldn't be at all surprised if Google Photos sharing continues to use photos.app.goo.gl following this change as it does now.
This is about turning down a service that formerly allowed arbitrary third parties unaffiliated with Google to make goo.gl links going to whichever destinations they wanted, and allows those third parties to track certain usage data like bit.ly also allows.
Google is simply removing that third party offering. I think that aligns very well with what you'd prefer, if I'm understanding you correctly.
It wouldn't surprise me if reducing user confusion is even part of their internal rationale for the turndown, though I don't actually know. I haven't been privy to such details since I left Google roughly 3 years ago.
What is poorly handled and what should've been different? The security issue seems to be the obfuscation that is offered by all URL shortners and redirects, and most email links usually have several layers of them.
Which raises the question of the purpose of link shorteners anyway.
They are usually so obscure and jumbled that reading them out loud to someone would be slow and awkward ( "that's goo dot gl, no e" ). So what is the use-case?
They're still shorter, and less likely to line-wrap and break older clients. They also help to obfuscate certain tracking info and/or protect them from tampering.
Also you can set a custom shortname in almost all of them, if it's available.
Since they will be continuing to honor existing redirects, do they gain anything by disallowing new redirects? If it is engineering effort they want to save, they can just stop developing new features, right?
Continuing to honor existing redirects is a relatively simple gesture of goodwill -- it's absolutely what customers expect, it's good for the web, and doesn't need a lot of ongoing effort.
Rather, it looks like they're driving people to a different product intended for a different set of usecases [1]. They want to get out of the generic, commodity web URL shortener business, and drive more of their customers towards more purposeful destination forwarding.
Crucially, the new product is unlikely to be available through a web interface (at least, without an account), so Google no longer has to deal with their link shortener being used for spam and fraud.
