
21 Aug 2020
Practice Safe Linking


Many entrepreneurs want their own software application, or better yet, a platform. 

When you have your own platform, you have arrived, or so the thinking goes.

Unfortunately, building software applications is expensive in terms of time, money and opportunity cost. 

Consequently, it is common to use a hosted platform such as a Google Form, a fillable PDF on Dropbox, or similar to accomplish the basic functionality for your application. This approach is very common during the early Minimum Viable Product (MVP) stages. 

Using these tools early on is a rational and cost-effective means of iterating towards your billion-dollar idea, I get it. I've even been there -- done that myself along the way. 

Before you casually leverage one of these platforms, let's consider a couple of vulnerabilities with using publicly hosted platforms with just "a link".

First, many of these links are essentially unsecured bearer-tokens, or more simply, anyone with the link can access the data. These links often look something like this:

https://somecoolonlineservice/a/b/c/reallylonghardtorememberwithallsortsoLongRandomishChactersGoHerethatyouwouldneverdoanythingwithotherthancopyandpasteright?dothething

If anyone who has this link can access the data, be prudent about what information you are asking your user to enter, or if you are the user, be mindful of what you enter into someone else's form. You know, think before you type.

Due to the inherent lack of security, these applications should not ask for personally identifiable information like SSN, Driver's License, or your high school secret crush's name.

That's not a problem, you say, no one is going to give their link away. Well, you're right, [responsible] people don't often intentionally hand over that sort of thing.

Unfortunately, data has a tendency to leak.

Ever accidentally forward an email to the wrong person?

Ever leave your computer unlocked for "just a few minutes" that turned into hours?

Ever find out that someone else had access to your email? 2016 election anyone?

Ever get crypto-locked? (Never mind, that's too dark for now).

Ever receive credit monitoring from [insert company name] because one of their [servers, third party providers, employees, lawyers, etc] did [something bad or accidental] and your data is in the wild? I recently received one of these letters from a company that I thought went out of business years ago!

Last one, promise: Ever upgrade your computer and give your old one to your [kid, friend, neighbor, favorite remote-hacker-via-responsible-recycling-efforts]?

In time, most data leaks.

OK, time for one more, related topic.

Remember that long, yucky link? No one wants to type in one of those crazy long links, right? 

A tempting way to get around the long icky, impossible to remember link is to make a redirect URL that is really easy to remember, something like this:

https://linkshorteningservice/username

Or, if you are savvy enough to have your own domain, something like this might be appealing:

https://yourcoolawesomedomainname.com/username

Great, now you have an easy to remember link, problem solved! 

Not so fast. 

Not only can you remember the link, you can easily guess your friend's link. 

Cool, now you can read their info! (I know, you would never do that). But, wait. They can read yours, too. Uh oh.

If you can guess a link, you need to rethink your strategy for distributing links to your user.

If you can guess a link, do not use it for anything sensitive, period.
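One way to hand out links that cannot be guessed, shown here as an added example (not code from the original post). The host forms.example, the one-week expiry and the in-memory store are assumptions made for illustration.

```python
import hashlib
import math
import secrets
import time

TOKEN_BYTES = 32                       # 256 bits from the OS CSPRNG
LINK_TTL_SECONDS = 7 * 24 * 3600       # assumed policy: a link lives one week
BASE_URL = "https://forms.example/f/"  # placeholder host, not a real service
_links = {}  # sha256(token) -> (user, expires_at); stands in for a database

def _digest(token):
    # Store only a hash so a leaked table does not hand out working links.
    return hashlib.sha256(token.encode()).hexdigest()

def issue_link(user, now=None):
    """Return a fresh random link; nothing in it is derived from the user."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(TOKEN_BYTES)
    _links[_digest(token)] = (user, now + LINK_TTL_SECONDS)
    return BASE_URL + token

def resolve_link(url, now=None):
    """Return the owning user, or None when the link is unknown or expired."""
    now = time.time() if now is None else now
    key = _digest(url.rsplit("/", 1)[-1])
    record = _links.get(key)
    if record is None:
        return None
    user, expires_at = record
    if now >= expires_at:
        del _links[key]  # an expired link stops working even if it leaked
        return None
    return user

def revoke_link(url):
    """Kill a link early, e.g. after it was forwarded to the wrong person."""
    return _links.pop(_digest(url.rsplit("/", 1)[-1]), None) is not None

def guess_space_bits(alphabet_size, length):
    """Upper bound, in bits, on the search space for an identifier."""
    return length * math.log2(alphabet_size)

if __name__ == "__main__":
    print(issue_link("alice"))
    print("8-letter username:", round(guess_space_bits(26, 8), 1), "bits")
    print("random token:", guess_space_bits(256, TOKEN_BYTES), "bits")
```

A random link is still a bearer token: this removes guessing, while the expiry and revocation only limit how long a leaked link stays useful.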

In summary:

Don't use unsecured shareable links for sensitive data.

Don't create or use links that are easily guessed.

Be mindful of what data you leave behind because data leaks!
