In 2025, together with two friends, we decided to launch LinkSentry, the first crowdsourced-based, link auditing service for websites.

LinkSentry continuously and automatically identifies a website's external links to identify those that do not belong. LinkSentry is able to discover links to everything from expired domains and parked websites, to low-quality sites, ones that redirect you elsewhere, and straight up malware.

If that's all you need to know, visit our external link-auditing service and give us a shot. LinkSentry was built on the back of 14 years of academic research, solving real problems that others do not wish to solve.



Backstory

This is a brief story of how the core idea of LinkSentry was born.

Back in 2011 (more than 14 years ago at this point) I started working a project, mapping the JavaScript dependencies of the popular web. The question was essentially a supply-chain security question: who are the JavaScript providers for the most popular sites on the web? Can these providers be compromised as a stepping stone to reaching harder-to-compromise targets?

You are what you include, CCS 2012
The paper that started it all...

The result of that work was our CCS 2012 paper shown in the figure above. In that paper, among many interesting findings, we discovered that some of the most popular sites on the Internet were requesting JavaScript from domains that had expired. In other words, all attackers had to do was register a domain for $10, host malicious JavaScript on the right path, and get Cross-Site Scripting (XSS) capabilities on sites with millions of users.

That idea (the links that we once trusted cannot be automatically trusted in the future) slowly but surely spread and started gaining ground in my mind. Many seemingly unrelated problems like cloaking (malicious sites show one page to search engines and another to users), malicious ads (send ad-clicking users to different content after the ad is approved), and web shells getting compromised by opposing hacking groups, were all re-interpreted as instances of that core issue.

Over the last 14 years, I have written more than a dozen papers that in some way talk about the problem of content integrity, accidental linking, and expired domain names. I kept waiting for someone to solve the problem for me. "I'll write the papers, the industry will act upon them," I said to myself. Yet the industry never did.

So here we are. I love doing research, publishing top-tier work, and getting wet-behind-the-ears students and calling them "Dr." five years later. At the same time, I also want to have more impact in this world. LinkSentry is my honest and earnest attempt at that impact. It was made with love and with the backing of more than a decade of academic work.

Thank you for coming to my TED talk.