Close
FFF
Menu
Get started

OFFF we go again!

Youssef Nassim
Youssef NassimFounder

I began work on OFFF more than six years ago, back at university. What started as a spaghetti PHP/jQuery app has evolved into a full-stack JavaScript application. Along the way, it underwent a complete rewrite, a service shutdown, and a final rewrite. Yet, despite all this, the previously created links continued to work seamlessly and never stopped redirecting.

I'll save the technical choices for another post—probably the next one. This post is about welcoming back our old users, all three thousand of you, and clarifying the current situation.

Why the shutdown?

Reason #1: The use

Aside from a few niche use cases, the two primary types of users for URL shorteners today are marketing teams and spammers. While the former is always welcome, the latter became a major issue.

Without diving into technical details, spammers use URL shorteners to hide the original link of their malicious website behind the newly created short links. My service was sort of a facilitator to steal people's sensitive data, and I was witnessing that. Not hands tied, of course. Fortunately, I regularly received reports from cybersecurity firms identifying harmful links. Initially, I used to manually go through my emails and delete the reported links one by one. But this was tiring as I received multiple reports almost daily.

A temporary solution I implemented was a Python script to automate the removal of spam links from the database. But clearly, this wasn't able to prevent spammers from creating new links and taking advantage of the small window they get before their pages are flagged and reported.

To be honest, I assume OFFF was probably a spammer's favorite, especially because other established shorteners like Bitly somehow deal with spammers much more quickly. The spammers don't get to achieve their malicious goals with their services.

Reason #2: The code

There are no stories to tell about this one. As I mentioned, I wrote the MVP back at university, and I sucked at coding at the time. The codebase was so brittle that even getting my fingers close to the keyboard could cause something to break. A complete rewrite was the only viable option.

What have I done to address the issues?

To tackle the security concerns, the first step was to make signing up mandatory to use the service. This will chase away lazy spammers and give me ground to ban the persevering.

Additionally, I have on the roadmap to implement an API provided by Google to automatically identify and block suspicious links.

As for the code, I've rewritten the app in a stack that I'm much more comfortable with now. Maintenance and development of new features are now a breeze.

One last caveat for the greater good

Actually, there are two things I need to highlight.

Email verification

In the legacy OFFF, email verification was not required to shorten links even after signing up. Now, for the reasons mentioned earlier, verification is mandatory. If you're an existing user, you can log in with your old credentials and send yourself a verification email from the dashboard. Or better, if you used to log in with a Google account, you can simply use the Google sign-in button.

Still not finished

Software is never a finished product, but OFFF still lacks some close-to-necessary stuff. It's for you now to look around and find out. If something is clearly missing, it means it's already on the roadmap (e.g., Help pages).

Speaking of the roadmap, I'll dedicate an entire post to that soon. I didn't want to make this one too long.

© 2025 OFFF. All rights reserved.