YSK: Social media platforms attach trackers to the end of share URLs (which you can and should delete)

Why YSK: Trackers don’t do good for anyone except the platform, and they’re not necessary to view the content in the URL.

It’s courteous to not subject the recipient (most likely your friends and family) to this tracking. You’re already sending them to the platform, which is tracking them in other ways. But you can help reduce that tracking by removing everything after the ampersand in the URL. Here are some examples.

Twitter example

URL: x.com/CookieSlayers/status/1623712884902567937?s=…

The s=20 is a Twitter-specific parameter to show that the tweet was copied from the web app. s=46 is iOS, and I can’t remember what Android’s code is. This is a relatively clean link, but there are some links that’ll concatenate unique identifiers, like: x.com/CookieSlayers/status/1623712884902567937?s=….

In this case, you’ll notice there’s also a &t= parameter, which is a unique identifier to the person who shared it.

The only part of the URL you need is https://x.com/CookieSlayers/status/1623712884902567937.

Instagram example:

URL: www.instagram.com/reel/CzP877du2EB/?igshid=MzRlOD…

The only part of the URL you need is https://www.instagram.com/reel/CzP877du2EB.

TikTok example

URL: www.tiktok.com/…/7301348328602717482?is_from_weba…

You’ll notice TikTok’s is a lot more readable in terms of what the URL contains.

The is_from_webapp parameter is self-explanatory, as is the sender_device, and then there’s the identifier that’s unique to you. In this case, 7302915057791436331.

The only part of the URL you need is https://www.tiktok.com/@inthepaintcrew/video/7301348328602717482.

The best route^1^ would be to use privacy-respecting frontends, but if you don’t, simply deleting everything after the ampersand goes a long way.

^1^The best route would actually be to not use/reward platforms that are literally destroying humanity, but we’re not there yet, so… in the meantime, let’s just try to decrease the tracking and stop subjecting our friends and family to it as much as possible.

reksas,

What if you modify the tracker, like change some letters? Could that mess up their system if many did it?

yoz,

I like the way you think

irreticent,
@irreticent@lemmy.world avatar

Garbage in, garbage out.

“In computer science, garbage in, garbage out (GIGO) is the concept that flawed, or nonsense (garbage) input data produces nonsense output”

phoenixz,

If you go that route, start collecting real ids of loads of random people and then randomly add those. If you add invalid ones, they’ll just get ignored, but with real random ones it really will fuck with their systems

hiramfromthechi,
@hiramfromthechi@lemmy.world avatar

A few years ago, I came across a tool that did exactly this. It might’ve been a browser extension… When you clicked a link that had trackers, rather than providing a clean URL, it sent incorrect/invalid parameters to the tracking link.

gogosempai,
@gogosempai@programming.dev avatar

YouTube has also started attaching a Share ID of sorts:

youtu.be/dQw4w9WgXcQ?si=rzmQCXsZkblahblah

The “si” query parameter is the tracker in question.

Presumably, it has your user ID embedded in it so all your efforts to concele your identity by using anon IDs on Lemmy/Reddit/Twitter etc routing through VPNs Tor whatnot can be shattered with a single share of a YouTube video. Plus, they can track and associate users with each other based on who all opened your link.

MaxVoltage,
@MaxVoltage@lemmy.world avatar

Thank you senpai next lesson ?

i bet the letterz boys LOVE THIS

LazySoviet,

Really don’t wanna be that guy but I think si stands for - source identifier, correct me if I’m wrong though.

gogosempai,
@gogosempai@programming.dev avatar

Yeah that seems plausible.

c5e3,

simply use this on android: f-droid.org/de/packages/com.svenjacobs.app.leon/

Xander72,

I personally use an app called URLCheck on Android (link)

Replaces your default browser handles and lets you manipulate the URL before it goes to your actual browser.

andthenthreemore,
@andthenthreemore@startrek.website avatar

F-droid link: www.f-droid.org/…/com.trianguloy.urlchecker/

Adalast,

I will add to this that UTM tracking is a little less invasive. I have gotten my boss to use UTM codes instead of full-blown tracking so we can at least capture which ads people clicked on and on which platform without capturing any personal data. As long as you pay attention to the other tags, UTM are reasonable from what I have seen in my research. Gives enough info to let the business know what is going on without letting them know who is doing it.

Adalast,

That said, I use ScriptSafe on Chrome and a similar one on Firefox to ban the tracking code on websites entirely (along with anything that is not 100% necessary to view the page), so even if there are codes in the URLs I open, they are never logged by the analytics services that capture it.

I suggest it to everyone. Block the scripts. It is a pain in the ass whenever you go to a new page, but you have the opportunity to see what off-domain script sources are attempting to execute and you can research the sources, then decide if you want to allow them to execute or not, and decide if you want to associate with a page before you give them much of anything. Overall, distrust google tag manager, Google Analytics, and literally anything that has “ad” in it and you get about 60% of the nasty out of the way.

Fuck cutting the snake off at the head, I for his damn balls. Seems to work too as what advertising I do see, usually while casting streams, is all over the map. I get ads for video games next to ads for hip replacements, and I smile knowing that I have ghosted them as effectively as I can without going off grid.

hiramfromthechi,
@hiramfromthechi@lemmy.world avatar

Not familiar with ScriptSafe—wonder if anyone here can confirm it’s necessary if you’re already using uBlock Origin. I would err on the side of “no,” but you never know.

Adalast,

They do different things. Ad blockers help to manage things that are being displayed, but there are still off-domain scripts that are run that you don’t know what is buried in them. Plugins on website builder services, 3rd party data harvesters, god only knows what else. I use uBlock Origin in conjunction. Google Tag Manager is not blocked by uBlock. There are sites I’ve been to that had like 30 off-domain scripts trying to load shit even with uBlock active.

hiramfromthechi,
@hiramfromthechi@lemmy.world avatar

Indeed, not all UTM tracking parameters are harmful. For example, you could have parameters like ?src=email&campaign=summer2023 that would denote how users engaged with the URL, without necessarily identifying them.

Many platforms, however, will try to identify you and collect as much as possible.

Adalast,

That is how we use them.

Frellwit, (edited )

If you want to remove parameters from urls you can use the removeparam filter in uBlock Origin. Documentation: github.com/gorhill/uBlock/…/Static-filter-syntax#…

For example: /?igshid=$removeparam=igshid,domain=instagram.com

For the best performance it’s recommended to make sure the parameter is included in the filter as seen above with /?igshid, and with the domain it originated from.

Filters for the examples in OPs post:


<span style="color:#323232;">/?igshid=$removeparam=igshid,domain=instagram.com
</span><span style="color:#323232;">?is_from_webapp$removeparam=is_from_webapp,domain=tiktok.com
</span><span style="color:#323232;">&amp;t=$removeparam=/^amp;/,domain=x.com
</span>

There’s also a filter that removes a lot of known params: github.com/…/LegitimateURLShortener.txt

lntl,

Apps should just strip these for us?

Vash63,

Firefox does exactly that, in beta at least. When you copy a URL one of the options is to copy without trackers.

lemann,

That’s exactly what URLCheck does on Android, acts like a middleman for links and allows you to strip tracking parameters etc, before forwarding you to another app to view the link’s contents

Lemmyvisitor,

I’ve found the android app URLCheck to be useful for this. You set it as your default Web browser and it lets you check for redirects before you open the link

Salix,

Yeah, I also recommend URLCheck on Android. You make it your default web browser and you can manually or automatically have the query string removed. It can do other stuff such as resolving redirects before sending it to a web browser.

Or you can use it to clean the URL before sharing it.

wowwoweowza,

I searched up this and am pasting it in again to get rid of the tracking:

youtu.be/pmmG6z4wqO4

wowwoweowza, (edited )

I search up this link that helps spread to word about getting rid of trackers:

youtu.be/pmmG6z4wqO4

Oha,
@Oha@lemmy.ohaa.xyz avatar

Your link has tracking in it tho. You dont need the ?si= part

wowwoweowza,

Yup. I caught that after I clicked send. Oops

starman2112,
@starman2112@sh.itjust.works avatar

You are allowed to edit comments on lemmy

wowwoweowza,

Fixed. Thanks.

intensely_human,

Just to add, the part of the URL that goes like “/foo/bar/123/article/whatever_blah_blah” is called the “path” and the part that looks like “?foo=bar&t=12345&flavor=chocolate&priceInCents=350&etc=etc” is called the “query string”.

Appoxo,
@Appoxo@lemmy.dbzer0.com avatar

Amazon does it as well when you share an article.

fatbeer,

How do we know which links would have this? What is the connection Amazon has to an article? I’m confused, I thought this meant only if you are sharing a link from a social media site.

KingJalopy,

Affiliate links I’m assuming but I’m not sure

Appoxo,
@Appoxo@lemmy.dbzer0.com avatar

Some random article from the Amazon Android App:
Share button: amzn.eu/d/2Ok2Czn
Clicking the link: www.amazon.de/dp/B0BZ5RRT1B?ref_=cm_sw_r_apan_dp_…
Cleaned link: www.amazon.de/dp/B0BZ5RRT1B

Cheradenine,

The op is about social media sites, but almost every site does it. Amazon, news sites, just about anything Google, Facebook.

Shopping sites all do so they can track you across their platform even if you are not signed in. ‘You looked at (premium) Widget, then (bargain) Widget’. They will probably show (mid-priced) Widget somewhere on that page then. If you click an external link on that page it will have tracking parameters along with it.

awnery,

does anybody bother with blocking javascript anymore, like with noscript.net on firefox?

AceSLS, (edited )

Im using uBlock (Medium Mode) and JShelter (Strict Mode). It’s an awesome combination, mixed with Firefoxs already existing anti tracking and resist fingerprint setting (default on Librewolf)

NoScript isn’t very popular anymore since it breaks many Webpages. Only exception is Tor, which comes with NoScript by default. Also there’s uBlock, uMatrix, LibreJS and many more to block scripts nowadays

awnery,

noscript breaks webpages on purpose, because it blocks javascript

AceSLS,

Obviously. That’s why not many poeple use it, they just don’t care enough to handle not being able to use those websites/fix them by configuring their NoScript

ArmoredCavalry,
@ArmoredCavalry@lemmy.world avatar

I use this installable web app for cleaning extra parameters from links - linkcleaner.app

Adds a share target to Android once you install it as well, makes it easy to send links to. Open source too!

livus,
livus avatar

That sounds useful. Although I always fix them, I do get tired of squinting at urls looking for the &.

ZoopZeZoop,

Anyone have an Android version of this?

ArmoredCavalry,
@ArmoredCavalry@lemmy.world avatar

It’s an installable PWA, click the … Menu in Chrome browser and choose “install”. Hope this helps!

root,

I use play.google.com/store/apps/details?id=com.svenjac…

KingJalopy,

Hmmm. I see a ? In that link … Tracking me much??

Jk thanks though

Downloaded btw thanks again

c24w,
@c24w@lemmy.world avatar

I found URLCheck recently. It’s great!

LinkOpensChest_wav,

I downloaded it, but how does it work setting it as your default browser? Doesn’t that prevent links from opening in your browser of choice? (in my case, Fennec)

Salix,

You set URLCheck as your default browser, then you can select an actual default web browser in the app.

c24w,
@c24w@lemmy.world avatar

Or don’t change your default browser at all and selectively share to URLCheck when you need.

lemann,

I dislike that Android makes it so easy to accidentally set an app as default for something, and the only way to reverse it is to revoke all of the app’s defaults

c24w,
@c24w@lemmy.world avatar

You can (at least on my my phone) separately configure the default browser.

LinkOpensChest_wav,

Oh, I see. Thanks. I’ll re-install it so I can try it. I panicked when it asked me to set it as my default browser.

ladel,

deleted_by_author

    •
    Blahaj_Blast,
    @Blahaj_Blast@lemmy.blahaj.zone avatar

    Came here for this

    ono,

    *uBlock Origin

  • All
  • Subscribed
  • Moderated
  • Favorites
  • youshouldknow@lemmy.world
  • kavyap
  • thenastyranch
  • cubers
  • ethstaker
  • InstantRegret
  • DreamBathrooms
  • ngwrru68w68
  • magazineikmin
  • everett
  • Youngstown
  • mdbf
  • slotface
  • rosin
  • GTA5RPClips
  • JUstTest
  • khanakhh
  • normalnudes
  • osvaldo12
  • provamag3
  • cisconetworking
  • Durango
  • tacticalgear
  • modclub
  • Leos
  • megavids
  • tester
  • anitta
  • lostlight
  • All magazines
    •