Loading Profile...
Why do you use redirection links in e-mails?
If I click on a link in any e-mail I view via the OIB web interface, OIB always takes me to a cryptic address which then redirects to the original page. Why do you change the e-mails' links? Do you track which pages I visit? Why?
I’m skeptical
2
people have this question
I have this question, too!
Tell me when someone answers.
The more people who ask this question, the more it gets noticed.
The more people who ask this question, the more it gets noticed.
The company marked this question as answered.
The best answer from the company
-
Daniel,
Thank you for your great question!
We redirect links in your messages for security reasons. We do not track which links our users click in any way.
When you click on a link, the site you visit can see the URL of the page you came from. For OIB, this means that the site you visited could potentially see the full message that you came from (the email in OIB that contains the link you clicked). We change the URLs for your messages often, but for a short time, this means someone else could view one of your messages.
To avoid this, we redirect the links to our website first (the "http://my.otherinbox.com/r?url=" you see at the beginning of the link). This way, the site you visit only sees that you are coming from our site.
This becomes even more important if you were to read your messages over RSS. If we didn't redirect the links this way, the site you visit could potentially see all of the messages in your RSS feed.
I’m happy
The company and 1 other person say
this answers the question
-
Inappropriate?Daniel,
Thank you for your great question!
We redirect links in your messages for security reasons. We do not track which links our users click in any way.
When you click on a link, the site you visit can see the URL of the page you came from. For OIB, this means that the site you visited could potentially see the full message that you came from (the email in OIB that contains the link you clicked). We change the URLs for your messages often, but for a short time, this means someone else could view one of your messages.
To avoid this, we redirect the links to our website first (the "http://my.otherinbox.com/r?url=" you see at the beginning of the link). This way, the site you visit only sees that you are coming from our site.
This becomes even more important if you were to read your messages over RSS. If we didn't redirect the links this way, the site you visit could potentially see all of the messages in your RSS feed.
I’m happy
The company and 1 other person say
this answers the question
-
Inappropriate?Could the OIB interface expose the endpoint URL to the user, while still providing the redirection? I'd like to know before I click that I'll be redirected to (for example) https://paypal.com and not (say) http://183.43.104.23/PAYPALCOM/scam.php. -
Inappropriate?Ben - does the status bar in your browser now show you URL? The only thing we do is append "http://my.otherinbox.com/r?url=" to the front. Everything after that is the URL you would actually be directed to.
-
Inappropriate?The recent load has made me think. When I click a link, I have to wait for OIB which is being slammed, and then wait for whatever site. Sometimes it's fast and sometimes not. I wonder how much it would effect things to have a dedicated machine (or machines) for redirecting so that at least that's fast. Maybe not worth the effort, though, if adding those machines to the general pool would speed things up as much.
I’m glad to know about the security angle on this.
-
Inappropriate?Ben H. - That's a very good idea and something we will definitely consider as we explore ways to "lighten the load" and make the site faster.
I’m thankful for the suggestion
-
Inappropriate?Hoon, can you please explain how a site can possibly see which URL I came from and how it can see my message? As far as I know no browser sends part of the browsing history to any website. Also, no website has any access to content from another site you visited before. Maybe this is the reason why almost no website even does what you do, except websites which analyze clicks and therefore user behavior.
Can you please explain how it's technically possible for a website to do what you said? I see no point in redirecting other than you analyzing users' behavior.
I’m concerned
1 Comment Add a comment
This answers the question
-
Whenever you click a link, your browser builds an HTTP request to send to the new host for whatever content resides at that address. As part of this request is a header called the referrer. It is the URL of the site that had the link you clicked on. This isn't something the site with the link fills in, but something your browser does. This is how, for instance, Wordpress tracks who's linking to your blog in their stats page.
So, actually, your browser does send a part of the browsing history to every website you visit via a link. I hope this doesn't come off as condescending, but it's important to know how these things work. Depending on how much information OIB encodes in the URLs of their service, it could every well be a security risk. I am, myself, a web developer and nothing he said sounded implausible to me.
EMPLOYEE
