Why YSK: Trackers don’t do good for anyone except the platform, and they’re not necessary to view the content in the URL.


It’s courteous to not subject the recipient (most likely your friends and family) to this tracking. You’re already sending them to the platform, which is tracking them in other ways. But you can help reduce that tracking by removing everything after the ampersand in the URL. Here are some examples.

Twitter example

URL: https://x.com/CookieSlayers/status/1623712884902567937?s=20

The s=20 is a Twitter-specific parameter to show that the tweet was copied from the web app. s=46 is iOS, and I can’t remember what Android’s code is. This is a relatively clean link, but there are some links that’ll concatenate unique identifiers, like: https://x.com/CookieSlayers/status/1623712884902567937?s=20&t=Fn47fnSDJUD74bd9.

In this case, you’ll notice there’s also a &t= parameter, which is a unique identifier to the person who shared it.

The only part of the URL you need is https://x.com/CookieSlayers/status/1623712884902567937.

Instagram example:

URL: https://www.instagram.com/reel/CzP877du2EB/?igshid=MzRlODCFWFlZA==

The only part of the URL you need is https://www.instagram.com/reel/CzP877du2EB.

TikTok example

URL: https://www.tiktok.com/@inthepaintcrew/video/7301348328602717482?is_from_webapp=1&sender_device=pc&web_id=7302915057791436331

You’ll notice TikTok’s is a lot more readable in terms of what the URL contains.

The is_from_webapp parameter is self-explanatory, as is the sender_device, and then there’s the identifier that’s unique to you. In this case, 7302915057791436331.

The only part of the URL you need is https://www.tiktok.com/@inthepaintcrew/video/7301348328602717482.


The best route1 would be to use privacy-respecting frontends, but if you don’t, simply deleting everything after the ampersand goes a long way.

1The best route would actually be to not use/reward platforms that are literally destroying humanity, but we’re not there yet, so… in the meantime, let’s just try to decrease the tracking and stop subjecting our friends and family to it as much as possible.

    • Otter@lemmy.ca
      link
      fedilink
      English
      arrow-up
      31
      arrow-down
      1
      ·
      edit-2
      1 year ago

      It’s getting worse too. Recently I’ve noticed Reddit links from friends looking like:

      reddit.com/r/example/s/1234567

      Which then redirects to the actual reddit.com/r/example/post/comments/1938473

      I believe Spotify and Tiktok do short tracker-filled links like that too. If you’re on android, URLCheck can wrangle those links to find the actual content without the trackers. I’ve set it to intercept all clicked links so I can modify as needed.

      On web / iOS, I’m not sure

      • example@reddthat.com
        link
        fedilink
        arrow-up
        8
        ·
        edit-2
        1 year ago

        I haven’t checked how reddit does this but just from the example it seems like there is no anti tracking from the use of urlcheck that you’re describing.

        reddit appears to generate tracking link with a specific numeric identifier in their database, so instead of attaching a bunch of removable url parameters they instead do a lookup in their database and then redirect to the original destination.

        this also means your app checking the redirect will need to fetch the url to determine the destination, which means their tracking still works just fine.

        edit: a word

        • Otter@lemmy.ca
          link
          fedilink
          English
          arrow-up
          5
          ·
          1 year ago

          I’ve been meaning to look into how the URL expansion works. If it happened on the device then I guess it doesn’t help much, but if it happens elsewhere it might fix the tracking?

          It might also limit how much identifying information is attached to it. If the original link opens in my app, then they can tie accounts together. If it’s wrangled by a third party app, then I open the clean link, they just get my IP address

        • candybrie@lemmy.world
          link
          fedilink
          arrow-up
          3
          ·
          edit-2
          1 year ago

          If the goal is to share clean links, getting the url after the redirect accomplishes it. The tracking that’s done isn’t on your friends/whoever you share the link with, but done on the app. Which does generally defeat the purpose of their tracking.

    • InFerNo@lemmy.ml
      link
      fedilink
      arrow-up
      26
      ·
      1 year ago

      No, this applies to these specific parameters. Removing question marks and ampersands from urls will often break the pages if you don’t know what you’re doing or don’t know what the parameters are for.

    • Sanity_in_Moderation@lemmy.world
      link
      fedilink
      arrow-up
      9
      arrow-down
      1
      ·
      edit-2
      1 year ago

      On YouTube, adding “&t=37s” starts the video at 37 seconds. It is pretty useful.

      That is the full extent of my coding knowledge.

    • ilinamorato@lemmy.world
      link
      fedilink
      arrow-up
      4
      ·
      1 year ago

      Not true on every site. Try it in your browser without the query string first before assuming that’s the case. The app I work on, for instance, uses the query string to set date/time ranges and filter data.

    • Eagle0110@lemmy.world
      link
      fedilink
      arrow-up
      2
      ·
      1 year ago

      Though I’ve always wondered if that’s always consistently the case, and when that’s not the case is there any mostly consistent way to identify the separator symbol in the URL text strings :/

  • Lemmyvisitor@lemmy.dbzer0.com
    link
    fedilink
    arrow-up
    18
    arrow-down
    1
    ·
    1 year ago

    I’ve found the android app URLCheck to be useful for this. You set it as your default Web browser and it lets you check for redirects before you open the link

    • Salix@sh.itjust.works
      link
      fedilink
      arrow-up
      3
      ·
      edit-2
      1 year ago

      Yeah, I also recommend URLCheck on Android. You make it your default web browser and you can manually or automatically have the query string removed. It can do other stuff such as resolving redirects before sending it to a web browser.

      Or you can use it to clean the URL before sharing it.

  • Adalast@lemmy.world
    link
    fedilink
    arrow-up
    16
    ·
    1 year ago

    I will add to this that UTM tracking is a little less invasive. I have gotten my boss to use UTM codes instead of full-blown tracking so we can at least capture which ads people clicked on and on which platform without capturing any personal data. As long as you pay attention to the other tags, UTM are reasonable from what I have seen in my research. Gives enough info to let the business know what is going on without letting them know who is doing it.

    • Adalast@lemmy.world
      link
      fedilink
      arrow-up
      5
      arrow-down
      1
      ·
      1 year ago

      That said, I use ScriptSafe on Chrome and a similar one on Firefox to ban the tracking code on websites entirely (along with anything that is not 100% necessary to view the page), so even if there are codes in the URLs I open, they are never logged by the analytics services that capture it.

      I suggest it to everyone. Block the scripts. It is a pain in the ass whenever you go to a new page, but you have the opportunity to see what off-domain script sources are attempting to execute and you can research the sources, then decide if you want to allow them to execute or not, and decide if you want to associate with a page before you give them much of anything. Overall, distrust google tag manager, Google Analytics, and literally anything that has “ad” in it and you get about 60% of the nasty out of the way.

      Fuck cutting the snake off at the head, I for his damn balls. Seems to work too as what advertising I do see, usually while casting streams, is all over the map. I get ads for video games next to ads for hip replacements, and I smile knowing that I have ghosted them as effectively as I can without going off grid.

      • HiramFromTheChi@lemmy.worldOP
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        Not familiar with ScriptSafe—wonder if anyone here can confirm it’s necessary if you’re already using uBlock Origin. I would err on the side of “no,” but you never know.

        • Adalast@lemmy.world
          link
          fedilink
          arrow-up
          1
          ·
          1 year ago

          They do different things. Ad blockers help to manage things that are being displayed, but there are still off-domain scripts that are run that you don’t know what is buried in them. Plugins on website builder services, 3rd party data harvesters, god only knows what else. I use uBlock Origin in conjunction. Google Tag Manager is not blocked by uBlock. There are sites I’ve been to that had like 30 off-domain scripts trying to load shit even with uBlock active.

    • HiramFromTheChi@lemmy.worldOP
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      Indeed, not all UTM tracking parameters are harmful. For example, you could have parameters like ?src=email&campaign=summer2023 that would denote how users engaged with the URL, without necessarily identifying them.

      Many platforms, however, will try to identify you and collect as much as possible.

  • intensely_human@lemm.ee
    link
    fedilink
    arrow-up
    14
    arrow-down
    1
    ·
    1 year ago

    Just to add, the part of the URL that goes like “/foo/bar/123/article/whatever_blah_blah” is called the “path” and the part that looks like “?foo=bar&t=12345&flavor=chocolate&priceInCents=350&etc=etc” is called the “query string”.

  • reksas@lemmings.world
    link
    fedilink
    arrow-up
    12
    ·
    1 year ago

    What if you modify the tracker, like change some letters? Could that mess up their system if many did it?

    • Phoenixz@lemmy.ca
      link
      fedilink
      arrow-up
      3
      ·
      1 year ago

      If you go that route, start collecting real ids of loads of random people and then randomly add those. If you add invalid ones, they’ll just get ignored, but with real random ones it really will fuck with their systems

    • HiramFromTheChi@lemmy.worldOP
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      A few years ago, I came across a tool that did exactly this. It might’ve been a browser extension… When you clicked a link that had trackers, rather than providing a clean URL, it sent incorrect/invalid parameters to the tracking link.

  • Frellwit@lemmy.world
    link
    fedilink
    arrow-up
    10
    ·
    edit-2
    1 year ago

    If you want to remove parameters from urls you can use the removeparam filter in uBlock Origin. Documentation: https://github.com/gorhill/uBlock/wiki/Static-filter-syntax#removeparam

    For example: /?igshid=$removeparam=igshid,domain=instagram.com

    For the best performance it’s recommended to make sure the parameter is included in the filter as seen above with /?igshid, and with the domain it originated from.

    Filters for the examples in OPs post:

    /?igshid=$removeparam=igshid,domain=instagram.com
    ?is_from_webapp$removeparam=is_from_webapp,domain=tiktok.com
    &t=$removeparam=/^amp;/,domain=x.com
    

    There’s also a filter that removes a lot of known params: https://github.com/DandelionSprout/adfilt/blob/master/LegitimateURLShortener.txt

  • Xander72@lemmy.one
    link
    fedilink
    arrow-up
    9
    ·
    1 year ago

    I personally use an app called URLCheck on Android (link)

    Replaces your default browser handles and lets you manipulate the URL before it goes to your actual browser.

    • RooPappy@kbin.social
      link
      fedilink
      arrow-up
      4
      ·
      1 year ago

      Google search does it too. Hangouts used to. Not sure about Messages and other Google services.

        • 𝒍𝒆𝒎𝒂𝒏𝒏@lemmy.one
          link
          fedilink
          arrow-up
          1
          ·
          1 year ago

          Thankfully haven’t seen AMP links posted to lemmy in a loooong time. At the beginning of the migration it was pretty painful though, had to use some de-amputator website to fix the links since there was (and still is) no bot to handle them

      • Kusimulkku@lemm.ee
        link
        fedilink
        arrow-up
        2
        arrow-down
        1
        ·
        1 year ago

        Even Wikipedia does it. I think it’s to see what platforms people are using it on

        • dreamer@lemm.ee
          link
          fedilink
          arrow-up
          3
          ·
          1 year ago

          Keep in mind, there are many valid reasons for tracking or things that can be utilized to track or fingerprint you. I however feel there’s no transparency, there is often no basis for trust for these websites and I feel they share/sell data with reckless abandon so it is from that angle I approach issues like these from.

          • Kusimulkku@lemm.ee
            link
            fedilink
            arrow-up
            1
            arrow-down
            1
            ·
            1 year ago

            Oh for sure, I don’t mind it at all that Wikipedia puts a referrer in the end to indicate what platform the link is shared from. Of course that’s far cry from proper tracking and whatnot.

    • Vash63@lemmy.world
      link
      fedilink
      arrow-up
      11
      ·
      1 year ago

      Firefox does exactly that, in beta at least. When you copy a URL one of the options is to copy without trackers.

    • 𝒍𝒆𝒎𝒂𝒏𝒏@lemmy.one
      link
      fedilink
      arrow-up
      4
      ·
      1 year ago

      That’s exactly what URLCheck does on Android, acts like a middleman for links and allows you to strip tracking parameters etc, before forwarding you to another app to view the link’s contents

  • Gogo Sempai@programming.dev
    link
    fedilink
    arrow-up
    6
    ·
    edit-2
    1 year ago

    YouTube has also started attaching a Share ID of sorts:

    https://youtu.be/dQw4w9WgXcQ?si=rzmQCXsZkblahblah

    The “si” query parameter is the tracker in question.

    Presumably, it has your user ID embedded in it so all your efforts to concele your identity by using anon IDs on Lemmy/Reddit/Twitter etc routing through VPNs Tor whatnot can be shattered with a single share of a YouTube video. Plus, they can track and associate users with each other based on who all opened your link.

    • Ace! _SL/S@ani.social
      link
      fedilink
      arrow-up
      3
      ·
      edit-2
      1 year ago

      Im using uBlock (Medium Mode) and JShelter (Strict Mode). It’s an awesome combination, mixed with Firefoxs already existing anti tracking and resist fingerprint setting (default on Librewolf)

      NoScript isn’t very popular anymore since it breaks many Webpages. Only exception is Tor, which comes with NoScript by default. Also there’s uBlock, uMatrix, LibreJS and many more to block scripts nowadays