Yeeturl, a end-to-end encrypted URL shortener

Project URL: https://yeeturl.glitch.me/

yeeturl is a privacy-respecting URL shortener that has no way to read your URLs. Your URLs are encrypted with a securely-generated 8 character password in your browser. Even though it has all of these privacy features, it still works the same as other popular services with one big difference - we can’t read your stuff.

3 Likes

Very cool! I just have two things to recommend:

  1. Make an option for urls to last longer than a year
  2. Instead of redirecting on the client side, you should create a 302 redirect on the server.
3 Likes

Yes, many URL shorteners can last more than 3 years (such as bit.ly)

  1. I will add the option to make URLs never expire once I’ll be able to afford a big database.

  2. 302 redirects are not possible because the server can’t read your URLs (and their passwords). In case you’re wondering, the password and short link are stored after the hash ("#" in the URL), which means they aren’t sent to the server (see https://en.wikipedia.org/wiki/URI_fragment#Basics).

2 Likes

As you expand, I recommend either moving your project to a VPS, or make a DB on one.

1 Like

Cool!
https://yeeturl.glitch.me/#3c66e3/Q+JXuC6W

2 Likes

Thats one risky click lol

Wow, there is no meta tag. That means you can rickroll people with different links.

That’s actually an issue I’ll have to address soon. Adding metatags would make the encryption pointless as they can’t be added on the client side because very little URL preview apps actually run JavaScript, which means the metatags such as description would need to be stored in plaintext by the server. I believe a good alternative to this would be showing the user where the URL redirects to before performing the redirection.

You could essentially get the meta tag from the HTML some way.

There isn’t a way to do this without defeating the whole purpose of E2EE. I want the server to never know what people are shortening, and adding metatags from the destination website would require the server to know the password.

I am saying, you should at least make a meta tag that has the link or the favicon.

Could you explain a little bit more?

So, for instance, when someone adds a site to your service, a link or favicon will be saved and can be used later on for things such as meta tags.

Like I said before, such thing is not possible without making the server know (somewhat detailed) information about your URL or password. I’m currently working on a feature where you will be able to see where yeeturl is going to redirect you before it happens.

It just needs the url, and it returns a custome meta tag

I made an “alternative” to what you wanted that works good enough while still keeping your URLs fully end-to-end encrypted.

It looks simple, but should prevent people from falling for things like IP loggers.

Edit: I could also add some kind of preview card here, but I don’t want this app to be too bloated as it’s just a URL shortener.

3 Likes

I like it, add some sort of a time out so that people can read it.

The redirection doesn’t happen automatically so there’s nothing to worry about that.

To be honest, the timeout would be better (or a feature to enable/disable previews) like so:
Preview off: https://go.aboutdavid.me/glitch
Preview on: https://go.aboutdavid.me/glitch~

3 Likes