They are popular to use for sharing links on Twitter because of the platform’s 140-character limit, and they are widely used by digital marketers for increased click-through rates and analytics tracking. They are so common, in fact, that bitly.com has claimed to have shortened over 26 billion URLs to date.
However, as a recent Cornell University research study revealed, short URL's associated with cloud services like Microsoft OneDrive were susceptible to attack because “the space of 5- and 6-character tokens included in short URLs is so small that it can be scanned using brute-force search. Therefore, all online resources that were intended to be shared with a few trusted friends or collaborators are effectively public and can be accessed by anyone. This leads to serious security and privacy vulnerabilities.”
Short URL's can also redirect unsuspecting users to malware sites by camouflaging the original link with the shortened version. Malicious sites alter the original published short URL (by something as simple as changing an ‘o’ to a zero) which can be hard to detect.
This presents a problem, not just for the users, but for content publishers as well. For example, a blogger may create a Google short link for his or her most recent post. The blogger will want to make sure that once the post is published on the web, it will always point to the blog and won’t be redirected to a different URL destination, causing them to lose traffic.
To solve this problem, the creators of Chainy are using SHA-256 (Secure Hash Algorithm), invented by the NSA, to create cryptographically hashed short links that are time stamped onto the Ethereum blockchain. This adds an extra layer of security and transparency to the short link. Chainy provides a constant and unchanged endpoint for the final URL, with no outside interference. This guarantees that the blogger’s URL destination cannot be redirected by someone else once a short link is created.
To take it one step further, users can also use Chainy to combine a short link with a file, together in a smart contract, and put it on the Ethereum blockchain. This potentially cuts out the need to rely on a third party server such as Google Drive or Dropbox to store documents because an independent smart contract can function without a website, and the Cornell report states that these drives are insecure:
“More than 7% of OneDrive and Google Drive accounts we discovered by scanning short URLs contain world-writable folders. This means that an adversary can automatically inject malicious content into these accounts.”
However, it’s important to note that Ethereum currently doesn't have the storage capacity to host a file the way that Dropbox does. That may change in the future once the Ethereum Foundation implements its distributed file storage system, SWARM. For now, Chainy relies on cryptographically hashing the file upload and time stamping it. Once the file is uploaded and hashed to the Ethereum blockchain, there is no way to reverse or alter it. Of course, you can always modify the document and re-upload it again later, but the time stamp on the original document ensures that a record of the ‘original’ document is publicly available and can never be changed.
This raises an interesting question about the use of digital signatures on the blockchain. As of right now, there is no legal precedent to suggest that a cryptographically hashed and time stamped document on the Ethereum blockchain would be admissible in court. But with more regulation, this could change in the future.
Without signed and secured legal documents to facilitate the transfer of goods and services (e.g. shipping and freight) from one party to another, whole industries would be rendered inoperable. This prompts banks, legal entities, and governments to charge hefty fees for validating transactions and authenticating the documents used to procure them. If a new peer-to-peer framework of signing and securing documents were to emerge, it could streamline trade and business dealings across the global economy.