Published on

Hacking a URL Shortener into a Comment System

Authors

Static HTML generators are fun to play with, but they (obviously) suffer from a lack of dynamic content. Today I experimented with using URL shorteners as a distributed hash table as a means of commenting on static sites.

After five hours of dealing with eccentricities of various URL shorteners, I can say: don't try this.

While I solved all the design issues, the providers of link shortening services have a lot of unexpected behavior whose circumvention will break your hackometer. For example, while some link shorteners will allow cross-domain requests for creating a shortened link, they don't allow cross domain requests to de-reference the shortened URL. You can circumvent this by using a service called LongURL, which won't block cross-origin requests. However, the service is unreliable. For example, this URL points to my blog and the LongURL service failed to dereference it until ~30 minutes had passed.

Given these implementation issues, I am going to conclude that someone (botnet?) has tried to use the "link shortener datastore" before which forced providers to create a web of authentication or breakage.

If anyone wants to continue the hack from where I left off, I have some thoughts for how to proceed with a design. First, you need to be able to customize the shortened URL to contain a cryptographic hash of the prior URL. This will ensure that there is a comment chain where discovering each comment is dependent on discovering the prior comment. The base case of no prior comments is tied to the href of the content.

The properties produced by these requirements are that:

  • You know every comment followed the one proceeding it.
  • There is a definitive chain of comments for every URL.
  • You can have different comment chains if you put an anchor on the page.

But remember, don't try this.


Not dereferencing the post...

30 Minutes Later...