I see a lot of people, including friends and family, sharing URLs rife with tracking parameters.
I feel alone in making sure that I’m sharing the cleanest possible URLs to others. For example, checking if the URLs are shortened to hide plenty of tracking params.
Just need to vent, thanks for reading.
Edit: adding some context for future references.
By using url tracking params, tech companies can track who shares the content and who clicks on that specific shared urls. A simple but effective tracking method.
Try sharing Instagram post or YouTube video from the apps.
Instagram adds ‘igshid=’ . YouTube adds ‘si=’.
If you share the same IG or YouTube content from different accounts. The ‘igshid’, ‘si’ value will be different.
This can be used to tag who shares it, and who clicks on that specific url param value.
TikTok hides a ton of such params behind shortened url. Try expanding tiktok shared urls.
If you use android, use this app to expand, analyze and clean up urls https://github.com/TrianguloY/UrlChecker
If you use Firefox (you should), install ublock origin and add this url tracking filter maintained by adguard: https://raw.githubusercontent.com/AdguardTeam/FiltersRegistry/master/filters/filter_17_TrackParam/filter.txt
Friends and family don’t know what cleaning a URL means. Nobody does.
That’s why I always install ClearURLs on my family members computers
Great extension and good recommend
Thank you for the suggestion. Downloaded
deleted by creator
You’re right
They don’t necessarily need to; hopefully we can help people install uBlock Origin which removes tracking query parameters from URLs. See privacy.txt
And ironic that OP doesn’t share how to clean them.
Because I don’t expect the target audience to be here in /c/privacy
You don’t think anyone is here to learn how to be more private on the Internet? You just expect everyone to already know everything
Because it’s different for every website.
There’s a lot of common patterns, but you have to understand how URLs work. You have to recognize which URL parameters are tracking ones or even just might be tracking. And that means you have to know how they work and that takes a moment.
In brief, URL parameters start after a ? in the URL and are formatted like key1=values&key2=value2. You can’t usually remove all parameters because not all are tracking. To further complicate things, URLs can also have an anchor starting with a # character which will be after the URL parameters. You often don’t want to remove that (though theoretically the anchor could in fact contain tracking details).
It’s often trial and error to see which parameters you can remove. I do this a lot since I write a lot of technical documentation. Clean URLs make the documentation more compact and less likely to break. It’s not just tracking stuff, but sometimes you need to remove temporal data that makes a page display data from a specific time when you want it to just default to the current time (etc).
deleted by creator
I had someone watch me edit a URL in the address bar and she clearly thought I was just fucking around, because there was no possible way that any human could edit the Matrix language up there and accomplish anything productive.
That’s part of my point. Most people just don’t know.
That’s like telling someone to just tune their carburator.deleted by creator
Thankfully uBlock Origin removes those parameters for us. The default filters include a whole bunch of
removeparamfilters; e.g. privacy.txt See also removeparam.Maybe you could help your friends and family install Firefox and/or uBlock Origin? Every little bit helps :)
As long as they don’t link them to those links, thereby confusing them to the point of being completely turned off to the idea
To be honest 99% of people, certainly including me, probably don’t recognize tracking elements in a URL unless they’re like affiliate links.
Pretty much all junk which isn’t human readable is tracking info
Hard to follow that as a rule. Consider any YouTube video, the video id isn’t exactly human readable.
Actually it’s pretty easy. While not necessarily universally true, 98% of the time if there is a question mark everything after it is completely useless and can be removed.
for example of youtube, if you just use the share link from mobile you will get something like this
https://youtu.be/NMGQnFr0wMI?si=wcY56UThMAL6qkeg
However the only thing needed is
discord is similar, share a picture and you get shit like
but all that’s needed is
https://media.discordapp.net/attachments/425755272191934466/1160245184110526586/1696478537347025.png
the ? is almost always used as an escape from the actual url. So if you see a question mark, Just remove everything after it and things will most likely still work.
This holds true for youtu.be links, but not youtube.com/watch?v=
Discord file url parameters are to prevent using discord as a free cdn. I believe discord plans on actually enforcing expiration later this year or early next year, at which point those extra url parameters will actually be necessary (and the links will no longer work indefinitely)
By the way for anyone who doesn’t know, the ? only appears once in the url. Successive question marks are instead denoted by &
Here is an alternative Piped link(s):
https://piped.video/NMGQnFr0wMI?si=wcY56UThMAL6qkeg
https://piped.video/NMGQnFr0wMI
Piped is a privacy-respecting open-source alternative frontend to YouTube.
I’m open-source; check me out at GitHub.
Yeah it doesn’t work for every website, but it’s an okay starting point
If people were really good at removing that info, they’d probably create a unique hash including all that data that we wouldn’t be able to edit.
I mean, I’ve seen companies start shortening links with the tracking info inside it. Amazon and Spotify are ones I see frequently
There it is :/
I’m aware that with most privacy issues, a lot of people have limited understanding about it. Hell, I’m probably ignorant on many other privacy issues outside of this topic.
Phones and chrome are designed to prevent people from noticing that they’re being tracked and helping big tech track others
It’s not just safer, they’re nicer to look at too. I hate seeing a 20 character URL followed by a
?and 200 characters.Edit:
product links are a major offender here.Agreed. Recently youtube started adding tracking parameters (
?si=) to their share links. I always clean them up.This would be a good feature add to Lemmy. Clean pre-post.
If you get them to install ClearUrls in their browser (Firefox, not Firefox), they can copy/paste URLs directly from their URL bar and the URL will be clean with no extra effort.
I keep it enabled in all my browser profiles pretty much always
If you use ublock origin, I find add-ons such as ClearURLs to be no longer necessary.
You can just add url tracking filter like this one maintained by adguard to ublock origin: https://raw.githubusercontent.com/AdguardTeam/FiltersRegistry/master/filters/filter_17_TrackParam/filter.txt
For more tech-savvy users, sure. But I thought you were looking for a way for less technical users to share scrubbed URLs. You’re not going to get the less technical users out there who share URLs to add a URL tracking filter list to uBlock Origin, but getting them to install ClearURLs is within the realm of possibility.
I didn’t remember it well, but after checking it again, the list is actually included in the default filter list. It just needed to be activated if it hasn’t. I don’t remember the default behavior.
How do I use this filter?
I just double checked, it should be included in the default filter list.
https://i.imgur.com/uKmWh0L.jpg
You just need to activate it.
For me this doesn’t seem to clean URLs though, it just blocks them and makes me type in the link manually.
Is there a way around this?
I also use that one, on both my desktop and Android (I use Firefox dev, so I can use whatever addons I want). It does break some sites like banking and unique login URLs and the addon doesn’t have any whitelist feature. So sometimes it goes disabled for a while without me noticing.
Yeah, some high-tracking sites do break, and I’ll need to turn it off temporarily. If ClearUrls breaks a site, it means that the site baked tracking into the functional features of the site itself (which, besides being terrifying, violates GDPR).
It’s not necessarily tracking (for information anyway) though. For example, Plex Desktop app uses unique links to make the login possible via a browser. Some payment breaks because the bank requires an E-ID verification to make bigger purchases, and it happens to do that in a way that looks weird to a dumb add-on.
deleted by creator
People generally don’t care (I myself am not at the level of this community). It also involves enough technical know-how that most people won’t care. It’s like asking people to use a CLI, not going to happen. I’m pretty sure I’m one of the few people who still C&P URLs to share, most people hit a “Share” button.
You’re both right: most people don’t know what any of this means, but also people who know often don’t care. In my group of friends there are 2 programmers, they perfectly understand this yet they still share links full of trackers in the group chat.
My strategy is to friendly scold them (a programmer should know better) and in the same message share the same link without tracking rubbish. This way my non-technical friends can also see how short the same link can become.
Yea, I do it less for privacy reasons, and more for tidiness. Tracking parameters can be so unwieldly nowadays. Something that’s 30-40 characters long can balloon to 200-300 characters.
It’s not just browser though, sharing links from apps also generate these URLs. A lot of people then share these links through chat apps.
I do realize that most people are not aware of it, that’s why I said this is more of a rant. Just want to vent to fellow privacy minded people.
Indeed. I use Léon on Android, very straightforward, open source, and easy to install and configure…
Nice. I personally prefer using this one: https://github.com/TrianguloY/UrlChecker
This app is awesome, using it and really enjoying it
I would say this is my app do the year
It looks like Lèon is for sharing (outbound) links to others whereas UrlChecker handles shared (inbound) links. Is that right? Or can UrlChecker also scrub a link before I send it?
It fortunately does both. You “share” a gross link to URLCheck, clean it up within the app, then can share the clean URL to whatever app.
Thanks. I tried it briefly along with Leon and LinkSheet (also mentioned in the comments). URLCheck is hands down the best of the bunch, but its UI is so terrible and obtuse that I can’t bring myself to have to interact with it regularly. Will keep an eye on it though!
You can also use LinkSheet.
Interesting, I never really thought about this before. I wonder if there’s a clipboard manager that does this automatically?
There is a Firefox plugin which I believe is called CleanURLs.
it’s interesting that you mention the shorturls OP… I’m almost positive as of today that those links you can share that are like amazon.com/a/ab3cd4 are customized tracking links.
Problem is, if you paste it in your browser from the app, it doesn’t go back to the original URL. You have to search the product again and customize the color, number, etc, and then strip tracking again from the url.
Most people just want to send a friend a link of the thing they think they’ll like.
For android, I use this: https://github.com/TrianguloY/UrlChecker
For firefox, I use ublock origin and add then anti url tracking list. Adguard maintains such a list. I forgot the exact name though.
Edit: it’s this one https://raw.githubusercontent.com/AdguardTeam/FiltersRegistry/master/filters/filter_17_TrackParam/filter.txt
I wish websites would clean their URLs
Yeah I always mention it when people send a link with all the extra stuff, how you can usually delete everything past the question mark
Some apps are hiding it behind shortened URLs. So it looks clean, but if you expand it, then oh boy.
Yeah I hate that I never trusted shortened urls
Occasionally there will be an id or something in the parameters that breaks the link if it’s absent. I dislike those URLs.
The OCD part of me really wants to clean up those URLs simply because the link becomes a massive novella of garbage that’s harder to read than Yu-Gi-Oh card text.
I do this because I hate super long URL’s, but is this actually a problem for privacy? Does it not actually fuck with the tracking because now two separate people have got the same tracking Params? (Genuine question).
Nope. It’s a nightmare. The ad company now knows that you are friends or family
But what If you send it via social media like Lemmy or Reddit?
Then they know who’s the poster (you), they can know your username if they want to. A lot of people use the same username in many places, so unless you use different usernames in different social media, it’s still valuable data.
If not that, seeing how the content spreads through social media and analyzing the reach is interesting data by itself.
Most tracking parameters actually just specify the source the link came from. Like Twitter or an email. I don’t see a lot of tracking parameters that literally are tried to an individual account. But here you seem to be saying that’s the most common type of tracking param
Try sharing Instagram post or YouTube video from the apps.
Instagram adds ‘igshid=’ . YouTube adds ‘si=’.
Try sharing the same IG or YouTube content from different accounts. The ‘igshid’, ‘si’ param value will be different
It can be used to tag who shares it, and who clicks on that specific url param.
TikTok hides a ton of such params behind shortened url. Try expanding tiktok shared urls.
Then they know that person follows you
I click links on Lemmy all over the place, I don’t follow anyone in particular?
I wouldn’t go as far as to say that once two people have clicked on the same tracking link the company behind it can tell what your relation is directly. What they will know is that the two or more people are connected in some way, to then infer in what way, they need other circumstantial data, maybe they have an account on that website and they share the surname or, even easier, without account they can tell that the requests came from IPs that come from a circumscribed area, and on and on, the more data points you add the better predictions the company can make.
If several IPs from disparate places in the world use the same link they can probably tell that the link was shared on social media, not knowing which one, but it was sent in a public internet space at least
