Earlier today, Facebook temporarily blocked URLs shortened with the Ow.ly domain used by HootSuite, possibly in response to a worm distributed in an Ow.ly link. The worm’s shortened URL contains the Facebook query string “?=www.facebook.com/photo.php” which could fool users into thinking they were visiting a Facebook page. All Ow.ly links on Facebook, legitimate and malicious, temporarily led to Facebook’s blocked abusive site error page.
When asked to comment, Facebook said “As we recently explained in a blog post, spammers sometimes try to hide their malicious links behind URL shorteners like Tiny URL or bit.ly, and in rare cases, we may temporarily block all use of a specific shortener.” The post says that “When we’re notified about one of these sites, we immediately add it to a block list and prevent Wall posts or messages that link to it.” While preventing users from reaching dangerous sites through Facebook is critical, blocking honest links by disabling a entire shortener creates negative experiences too.
While Facebook users should be wary of depending on shortened URLs which can break if that shortener dies out, many still use them to track clicks to links they post in their status updates. The Baptist Press Facebook Page posts Ow.ly shortened links to its news site in each of its updates, all of which were broken by Facebook’s block. Facebook must confront the question of where to draw the line between protecting users and offering them consistent, reliable service.
[Update: The problem has been resolved and Ow.ly links are once again posting to Facebook.]