I’m the author of Flink, a free and open-source (FLOSS) URL Shortener with a ton of handy features. I operate two of the main public instances: flink.is and flink.rtrace.io. Every day visitors create anywhere between 20 and 80 shortened links across both instances. Most visitors use Flink exactly as intended. To make long URLs easier to share, generate QR codes, or create short, memorable link IDs (or “slugs”). But as with any public-facing service, a small fraction of users inevitably try to abuse it. In the world of URL Shorteners, that usually means attempting to disguise phishing sites or spam campaigns behind innocent-looking short links. When this happens, URL Shortener operators often find themselves unfairly blamed by hosting providers or even domain registrars. This post aims to explain, technically and clearly, why that blame is misplaced, and how responsible shorteners prevent abuse.