1698: Theft Quadrants
Title text: TinyURL was the most popular link shortener for long enough that it made it into a lot of printed publications. I wonder what year the domain will finally lapse and get picked up by a porn site.
This is an "Eisenhower box" comparing how difficult it is to steal a specified object with the severity of the theft.
It is very hard to steal nuclear launch codes. They are protected by many layers of federal security. That's a good thing, too, since if they were stolen, they could be used to start a nuclear war, which would cause untold death and destruction.
It is also hard to steal the Crown Jewels, since they are protected by a complex security system. But if they were stolen, it wouldn't be so bad for most people; the only direct loss would be to its owners, the British royal family, who are well-insured for thefts and only use the Crown Jewels as a display piece for museumgoers. It would also be a loss to the public as a cultural and historical artifact, but would have little practical effect on the world.
It wouldn't be too hard to steal a Wienermobile (a car shaped like a hot dog, advertising the Oscar Mayer brand). Several versions of this car have been made, and one would be no more difficult to steal than any other car, although harder to hide. Randall seems to consider that such a stolen vehicle would not be too bad, although he has previously referred to a stolen Wienermobile in 935: Missed Connections, which is driven recklessly, almost hitting someone. But it is not bad enough to count as a big problem when compared with stolen nuclear launch codes.
It also wouldn't be hard (or at least, not as hard as stealing nuclear launch codes or the Crown Jewels) to steal the tinyurl.com domain name, but the consequences could be significant, and it is thus listed under very bad. The joke is, of course, that this is listed as just as bad as the risk of a nuclear war. It is not as significant, but it could swiftly result in damage to a lot of important computers, and ruin references in journals etc.
TinyURL offers a URL shortening service. They provide short URLs that redirect to long ones. This is useful if you want to write down a very long URL as it saves typing and is more accurate. Other companies, including bit.ly, Google and Twitter, offer a similar service. TinyURL was, for a while, the most popular of these URL shortening services. If their domain name were stolen, all the redirects from short URLs could be changed to forward traffic to sites hosting, for example, malware. This would have significant effects on a large number of people, because TinyURL is used in many places both online and (as the title text notes) even sometimes offline.
In the title text Randall implies that stealing the tinyurl.com domain could happen when it next expires. A whois search as of June 2016 finds that the tinyurl.com domain is next due for renewal in June 2018. However, rule changes made by ICANN (the organization in charge of domain name registrations) now make it effectively impossible to steal a domain name because the owner allowed its registration to lapse. Current rules for .com registrations now allow for the original owner to renew their domain name after it expires during a 0-45 day auto-renew grace period. The exact length of this grace period depends on what company the domain is registered with. All registrars are then required to give a 30 day redemption grace period during which the domain may be renewed with penalty. As a result, tinyurl.com would have a 30-75 day period after expiration during which the domain is not available for registration by a third party. ICANN rules state that DNS resolution must be stopped during the redemption grace period, which means that there will be a 30 day period during which tinyurl.com will no longer work but the company will have the ability to quickly restore ownership of their domain. It is very unlikely that any company that is still in business would not notice that their domain name has expired before the end of the 30 day redemption grace period.
Another way to steal a domain name would be through domain name hijacking. There have been some high profile cases of domain name hijacking, with one of the more notable domains being nike.com in 2000. However, whether or not this is a risk for any particular domain name is difficult to estimate. Additional security mechanisms such as domain name locking and private registrations have been introduced to mitigate the threat of domain name hijacking. Further, domain name hijacking relies on situation-specific attacks such as hacking email accounts, spoofing emails, and social engineering attacks against either the company who owns the domain name or the company who registers the domain name. For security-conscious companies such attacks can be impossible, or at least an attacker's success may require security failures in more than one area. A summary of domain hijacking examples including an analysis of how they succeeded and what steps could have prevented them can be found here. In short though, there is no way to say for sure how vulnerable any particular domain name might be to hijacking.
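An owner-side check that ties together the expiry timeline and the locking described in the two paragraphs above, as an added example that is not part of the original page: it parses a WHOIS-style record, computes when the redemption grace period would start and end, and flags missing lock statuses. The record is constructed, example.com is a placeholder, the function names are hypothetical, and the three EPP status codes stand in for the "domain name locking" the text mentions.

```python
import re
from datetime import date, timedelta

# Constructed WHOIS-style record (placeholder domain, not real registry output).
SAMPLE_WHOIS = """\
Domain Name: EXAMPLE.COM
Registry Expiry Date: 2018-06-01T04:00:00Z
Domain Status: clientTransferProhibited
Domain Status: clientUpdateProhibited
"""

REDEMPTION_DAYS = 30       # redemption grace period, per the text
AUTO_RENEW_MAX_DAYS = 45   # auto-renew grace is 0-45 days, set by the registrar
LOCKS = ("clientTransferProhibited", "clientUpdateProhibited",
         "clientDeleteProhibited")  # assumed lock set: EPP registrar locks

def parse_whois(text):
    """Extract the expiry date and status codes from WHOIS-style text."""
    m = re.search(r"Expiry Date:\s*(\d{4})-(\d{2})-(\d{2})", text)
    if not m:
        raise ValueError("no expiry date found")
    expiry = date(*map(int, m.groups()))
    statuses = set(re.findall(r"Domain Status:\s*(\w+)", text))
    return expiry, statuses

def audit(text, today, auto_renew_days, warn_days=60):
    """Return the recovery timeline and a list of findings for the owner."""
    if not 0 <= auto_renew_days <= AUTO_RENEW_MAX_DAYS:
        raise ValueError("auto-renew grace must be 0-45 days")
    expiry, statuses = parse_whois(text)
    redemption_start = expiry + timedelta(days=auto_renew_days)
    recoverable_until = redemption_start + timedelta(days=REDEMPTION_DAYS)
    findings = [f"missing lock: {s}" for s in LOCKS if s not in statuses]
    if today >= recoverable_until:
        findings.append("redemption grace period has ended")
    elif today >= redemption_start:
        findings.append("in redemption: DNS stopped, renew with penalty")
    elif today >= expiry:
        findings.append("expired: in auto-renew grace period")
    elif (expiry - today).days <= warn_days:
        findings.append(f"expires in {(expiry - today).days} days")
    return {"expiry": expiry, "redemption_start": redemption_start,
            "recoverable_until": recoverable_until, "findings": findings}

if __name__ == "__main__":
    print(audit(SAMPLE_WHOIS, date(2018, 5, 1), auto_renew_days=45))
```

The `auto_renew_days` argument has to come from the registrar's own policy, since a WHOIS record does not state it.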
- [A chart with an Eisenhower box, consisting of four labeled squares. To the left the rows are labeled and two lines go from these labels to a description of what the labels refer to. Below is a similar labeling of the columns, also with two lines going from these labels to the description.]
The Oscar Mayer
Not that bad
How bad it would be