Whoops, that Redirect

What is it this time.

Discord generates link previews.

Again - DISCORD generates link previews.

What are you getting at?

Sometimes a link isn't just a link. Look at Google's new share link nonsense. You don't get to see what you're actually clicking on until you feed Google some traffic, and you have to assume it's what the person sharing the link actually wanted to show you. Google could be swapping in AMP links or caving to censorship, removing the way you share something without needed to block the destination - who needs a canonical URL anyway.

Ok, but what solution are you proposing?

Quite the opposite. I made a shortlink generator that feeds you a different redirect the first time.

Generate a share link, post it in Discord, and their servers happily request my site and see a redirect to follow. Their tooling generates a nice preview of that destination.

Now, anyone ELSE who clicks that link will get the REAL destination URL.

Host it yourself. Debug mode is memory only, non-debug... uses sqlite to persist data, but does nothing to prevent duplication or actual locking for count updates (not that there's real diagnostic output).

https://github.com/Retsel2112/whoopsydoodle/

How does that even work?

Discord doesn't ask every user to access and generate link previews client-side. This would be a terrible idea, since any bad actor could grab everyone else's IP addresses that way (post a link to a site you control, watch the traffic, and that's everyone active in the channel). Instead, Discord reaches out and does that itself, sending what it sees out to the channel. This gives us an opening to feed Discord's servers one site and anyone else another.

I don't have a UI team, so I kept it simple:

Very basic website showing two text input boxes and a submit button

The only output needed is the booby-trapped link. Pasting that into Discord...

Discord preview showing the Wikipedia article for "Practical Joke"

Everything looks fine. Now let's click...

Browser showing the YouTube page for Rick Astley's "Never Gonna Give You Up"

Well that's the beauty of trusting a URL shortening service.

What about ${OTHER_SERVICE}?

Another service I considered was Signal. In its case, the link preview is generated on the message initiator's device (maybe to prevent IP grabbing while simplifying the server, it doesn't matter). In this case, your own device will make that first request and generate the thumbnail (although something doesn't seem to be working quite right on my redirect site when using a phone browser, which is odd). Anyway, this same methodology works to send a fake preview through Signal.

For now, I have a VERY bare-bones proof-of-concept (or GTFO, after all) at https://redir.640x480.info running the repo code. I made a NodeJS version with a React frontend because that's something that makes a significant difference, but I'll switch to that when this one-core VM falls over. They both support in-memory debug and sqlite-backing based on a runtime flag, and I'll admit - Gemini did the light lifting in the port. Knowing what it was supposed to do, the fixes took hardly any time at all.