Helping people with computers... one answer at a time.
Link encoding can take on many forms, some of which are normal while others can be manipulated to deceive. I'll look at what you need to watch out for.
Why do so many companies use hidden URLs? The ones that are hidden under some phrase, typically "Click here for more Information!" They are training people to trust what they can't see, which could lead them to a spam/malware site!
It kinda depends on what you mean by "hidden URL".
I say that because I can think of several different kinds and most of them aren't intended to be misleading at all.
In fact, the one that most closely matches your description is the very definition of how HTML and web pages were designed to work.
A URL, or Uniform Resource Locator, is simply a way to specify a specific something on a network. The most common one that you'll see might be of the form:
A URL is comprised of three parts:
http: indicates the protocol or communications language to use when accessing the item: in this case, HyperText Transfer Protocol.
ask-leo.com indicates where to find the item: in this case, the server to contact.
internet_safety_how_do_i_keep_my_computer_safe_on_the_internet.html indicates what to get: in this case, a single text file that happens to contain HTML.
We could, and often do, pass around URLs as references to information on the internet. However, those are kinda ugly, and when specified on a web page or in HTML formatted email, we can do better. In fact, HTML is specifically designed to allow this:
That's a link. It has two parts: the displays text that you see - "Internet Safety: How do I keep my computer safe on the internet?" - and the target URL that it goes to:
That makes for significantly more readable text, and a clearer, conceptual association between what you're clicking on and what you'd expect to find at its destination.
As you can see from the example above, links have two parts: the part that you see and the URL that you don't immediately see that is the destination should you click it.
Normal usage doesn't require that they be the same. Internet Safety is a very valid and common link. The idea is that if you click on the link that shows "Internet Safety", you'll be taken to something about internet safety.
That's the closest example to exactly what you've described and all I can say is that it's exactly how links were intended to be used.
Particularly when URLs themselves can be significantly more obscure than those on Ask Leo!, it's intended to give you a clue as to where you're going. For example, given a URL like:
Other than it going to Amazon.com, you have no idea what you'll find when you get there. On the other hand, if I instead give you Maintaining Windows XP on Amazon, you know exactly what you're getting.
One thing that may confuse you is that many programs, particularly email programs, will make anything that looks like a URL into a clickable link. For example, you may see:
in an email, but the email program may turn that into a link:
That's exactly like a normal link except that the part that you see is the same as the URL that you'll go to if clicked.
A technique used by URL-shorteners, like bit.ly, tinyurl, snipurl, goo.gl and many others, is what's called a redirect. A short URL is created that, when accessed, immediately redirects you to a different, usually longer URL.
I have my own: go.ask-leo.com (aka ps0.us) is a redirector/URL-shortener. So I might provide a link like:
That's a much shorter link, which is less likely to be broken by email text-wrapping, and is easier to use in length-limited environments like Twitter.
Where does this link go?
Answer: You don't know. You won't know until you click on it and land wherever it takes you.
The same is true for any of the URL shortening services. If you see a "bit.ly" link, for example, you have no idea where it's about to take you. Whether you should or shouldn't click on that link is all about how much you trust the place where you found it.
Needless to say, hackers and others with bad intent are saying things like "Win a free iPad: http://some-url-shortener-link", which takes you to a malicious web site when clicked.
Fortunately, this is a little more obvious, but it's also a very common legitimate technique as well.
Hover your mouse over that link and you'll see that, even though it displays one URL, it actually goes to a completely separate URL.
Many browsers and email programs will warn you in situations like this. But there's a problem: this technique could be used for good or evil:
Good: The example above is a common technique to count how many people click that link. The link actually goes through a URL shortener, but actually does land on the intended page. This is very commonplace in email newsletters, such as my own where all the links actually route through "clicks.aweber.com".
Evil: Those with malicious intent display one URL to get you to click, but instead, take you to a malicious site.
In both cases, hovering your mouse over the link should show you the actual destination of the link in the browser status line if you click it.
To begin with, don't panic if the display text for a link is different than the URL. That's normal HTML.
Pay attention to links that display as one URL but take you to another. Those may, or may not, be malicious.
Perhaps the most important thing is to consider the source. If it's a link in a random tweet, email or other posting where you're not at all certain where it came from - don't click. Simple as that. If it's from someone you trust, like perhaps your favorite technical Q&A site or its newsletter, then you're probably safe.
Comments on this entry are closed.
If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.
If you don't find your answer, head out to http://askleo.com/ask to ask your question.