Do You Dare Click On A URL These Days?

It's getting scarier out there, because by clicking on a link [1], you may end up getting a rude "knock" on the door from the FBI, saying you like kiddie porn. The intent is good in the sense that law enforcement is trying to get people who try to obtain illegal material. But what would happen if someone sent you a link shrunk by TinyURL that actually goes to a FBI honeypot link? I know, I know, the FBI would never just throw someone in jail for making an honest mistake...right?

The chances are low that something like this would happen. But mistakes can easily occur. Case in point (stay with me - this story eventually ties in to the theme of this post): I was at a client a couple of years ago that used CVS for source control. Long story short, it would die a lot, and someone would have to go over to the box and get the service back up and running. It became protocol for the first developer who noticed this to send an e-mail to a general e-mail alias to "kick CVS". Well...one day a developer decided to "fake" an e-mail from "sucky dot com" (I'll warn you right now, don't go to that site [2] - I'll explain why in a moment), saying "I'm CVS and I suck - please kick me!", or something like that. Everybody laughed at that, but then my boss and I got curious. We knew that an e-mail alias like that could easily be faked, but we wondered if he went the whole nine yards, registered the domain, and put up an HTML page saying "CVS SUX" or something like that. Like a doofus, I typed in that URL, and...HOLY CRAP, BOOBIES! That also got a big laugh from everyone on the team [3], but here's the point. It was an honest mistake (stupid, yes, but honest). I don't spend all day typing in random URLs, but mistakes occur. I would hope that the FBI has really thought this through, end to end. Get the ones who are truly at fault with the law, not those who did a fat finger on the keyboard or who got a link to a URL that's obscure or just came up with a link they thought should work...but doesn't the way they expect it to [4].

[1] Now, the question is...did you click on the link I just provided?

[2] Actually, I don't know if that still exists. I'm not going to visit it again (especially on the client's network) to find out!

[3] A friend of mine did something similar to this where he worked years ago, when he was trying to hit NetFlix's site, but for some reason he thought it was Hotflix or something like that. Yep, he got a porn site. In his case, though, the IT swat team came storming over to his desk, demanding to know why he was looking at the porn during work hours. Fortunately they realized it was a mistake, but he was sweating bullets - he thought he was going to get his ass hauled out of the building that day. In my case, everyone knew it was a mistake, so no harm, no foul.

[4] The band that played at my wedding is called Streetlife (great band, BTW). Their URL is http://www.streetlifejazz.com/. They wanted to use the URL that didn't have the word "jazz" in it...but that URL was already registered...to a gay porn site (at least it did - again, not something I'm going to verify at the client site). Not that there's anything wrong with that, but that wasn't the site they wanted their fans to go to either! It was kind of funny seeing Warren at their shows telling people about their new web site, which was at "street life JAZZ dot com". He'd always emphasize the "jazz" :).

* Posted at 03.27.2008 04:35:07 PM CST | Link *

Blog History