Yeeturl, a end-to-end encrypted URL shortener

Project URL: https://yeeturl.glitch.me/

yeeturl is a privacy-respecting URL shortener that has no way to read your URLs. Your URLs are encrypted with a securely-generated 8 character password in your browser. Even though it has all of these privacy features, it still works the same as other popular services with one big difference - we can’t read your stuff.

3 Likes

Very cool! I just have two things to recommend:

  1. Make an option for urls to last longer than a year
  2. Instead of redirecting on the client side, you should create a 302 redirect on the server.
3 Likes

Yes, many URL shorteners can last more than 3 years (such as bit.ly)

  1. I will add the option to make URLs never expire once I’ll be able to afford a big database.

  2. 302 redirects are not possible because the server can’t read your URLs (and their passwords). In case you’re wondering, the password and short link are stored after the hash ("#" in the URL), which means they aren’t sent to the server (see https://en.wikipedia.org/wiki/URI_fragment#Basics).

2 Likes

As you expand, I recommend either moving your project to a VPS, or make a DB on one.

1 Like

Cool!
https://yeeturl.glitch.me/#3c66e3/Q+JXuC6W

2 Likes

Thats one risky click lol

Wow, there is no meta tag. That means you can rickroll people with different links.

That’s actually an issue I’ll have to address soon. Adding metatags would make the encryption pointless as they can’t be added on the client side because very little URL preview apps actually run JavaScript, which means the metatags such as description would need to be stored in plaintext by the server. I believe a good alternative to this would be showing the user where the URL redirects to before performing the redirection.

You could essentially get the meta tag from the HTML some way.

There isn’t a way to do this without defeating the whole purpose of E2EE. I want the server to never know what people are shortening, and adding metatags from the destination website would require the server to know the password.

I am saying, you should at least make a meta tag that has the link or the favicon.

Could you explain a little bit more?

So, for instance, when someone adds a site to your service, a link or favicon will be saved and can be used later on for things such as meta tags.

Like I said before, such thing is not possible without making the server know (somewhat detailed) information about your URL or password. I’m currently working on a feature where you will be able to see where yeeturl is going to redirect you before it happens.

It just needs the url, and it returns a custome meta tag

I made an “alternative” to what you wanted that works good enough while still keeping your URLs fully end-to-end encrypted.

It looks simple, but should prevent people from falling for things like IP loggers.

Edit: I could also add some kind of preview card here, but I don’t want this app to be too bloated as it’s just a URL shortener.

3 Likes

I like it, add some sort of a time out so that people can read it.

The redirection doesn’t happen automatically so there’s nothing to worry about that.

To be honest, the timeout would be better (or a feature to enable/disable previews) like so:
Preview off: https://go.aboutdavid.me/glitch
Preview on: https://go.aboutdavid.me/glitch~

3 Likes

and please disable previews for rick rolling it’ll take the fun out of them

The comment above mine and below yours says why this would be a bad idea.

They could still add a feature like https://yeeturl.glitch.me/preview/URL.
And if you are talking about rick rolls then they can still be disguised.

Can you all explain how the previews should work? I was thinking about some kind of card that displays information about the website extracted from metatags, just like Discord does.

Metatags can be easily fooled:

You would think this does to the Glitch website, but it goes to my website instead.

3 Likes

Honestly, I don’t think previews make sense at all for a URL shortener. They would have to be generated on the client side anyway.

;-;

I guess this is my next project, A meta tag mimic

able to afford a big database

@leeceeksdee
it looks like that the api actually accept links with expiration times =
(Infinity,very large numbers and negative numbers), would you like to add some server side verification of the expiration time? (although actually it expires almost immediately)

It also accepts large expiration times such as this link: yeeturl (expires after 999999 months)

Ya you need to

This is what you can do if you change the “max” attribute

note that I am not going to put this, I’m just saying that there should be some backend thing so people can’t glitch the system and have urls for years.

Can’t you use post or your own slider to achieve this?

2 Likes

Yep. I noticed this too. The shortening of links will be blocked for a few days until this will be resolved. Existing links will continue to work, but I’ll probably delete that link above which expires after a large amount of time (this kind of breaks the terms).

This has been fixed and all features are back up.

To be honest, if I used a link shortner that has links that expired after a year, I would not use it.

3 Likes

It really depends on your use case - personally, I just use this service to switch between browsing websites on my phone and computer without any intrusive syncing features or a company mining my URLs to “analyze traffic and trends”.
Also, see question 2 in privacy.txt:

We are low on storage space and want to keep our service running properly even if there’s a high demand for it.

Our storage space isn’t extremely low, but I’m sure it will keep on adding up really fast - I’m already getting emails asking if there’s an API available (presumably to use the service for other websites).

P.S. API documentation is coming soon.

I already found out how the API works by looking at the code, so yeah.

1 Like

The API is very simple to use, but I want to make it easier to understand for people who (for example) don’t have time to look at code or don’t like reverse engineering stuff.

Can I help with this?

1 Like

Sure! Everything is open-source so all you need to do in order to contribute is make a pull request.

1 Like

Where is the code hosted?

Everything is available at https://github.com/yeeturl

If you are looking for what’s running on Glitch, you want https://github.com/yeeturl/node-server

2 Likes