this post was submitted on 18 Oct 2024
174 points (99.4% liked)

privacy

2937 readers
1 users here now

Big tech and governments are monitoring and recording your eating activities. c/Privacy provides tips and tricks to protect your privacy against global surveillance.

Partners:

founded 2 years ago
MODERATORS
[email protected]
[email protected]
[email protected]
174
PSA: You might be unknowingly doxxing yourself by sharing links containing trackers (lemmy.ca)
submitted 2 weeks ago* (last edited 2 weeks ago) by [email protected] to c/[email protected]
20 comments fedilink hide all child comments
 

Earlier today I came across a Reddit comment with a link to an Instagram post. The link had ?igsh= at the end.

When I clicked on the link, I got this popup. It had a name and profile photo that was different from that of the post being shared.

Join Firstname Lastname on Instagram

See photos, videos, and more from Firstname Lastname.

[ Open Instagram ]

not now

I avoid link trackers. However, I did not realize it was this bad.

To my knowledge, TikTok does the same thing and lists the name of the person that shared the link. Assuming this increases engagement, any website could enable such a feature, even on old links that you shared in the past.

You should manually remove any trackers before sharing, or use an app for it.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 53 points 2 weeks ago* (last edited 2 weeks ago) (1 children)

For anyone who wants to take this seriously but doesn't know what to do:

TL;DR: Chop off everything after the question mark.

Usually these trackers are at the end of the URL, after a ?. That's called the "query string parameters" of the URL, and it's where developers will attach extra information for the server or page. Often, those are benign and useful: It's a token that identifies you to the server, or it's context about what you're trying to do. Sometimes you can eyeball the query string params and guess what they do, e.g.:

coolvideos.com/videos/5432?fullscreen=true&autoplay=true&time=12021

or

cheapshoes.com/search?query=adidas+tennis&category=womens&filter=discounted

or

https://m.youtube.com/watch?v=dQw4w9WgXcQ

If you chopped off everything after the question mark, the URL should still work, it'd just give you a default version of that page. In these examples, there would be no privacy risk to sharing the URLs somewhere.

But query string params are also where alot of marketing/tracking bullshit goes. When you see URLs with UTM params like "utm_medium" and "utm_campaign", that's marketing bullshit. They can also contain info about who you are, like what OP is describing: If it's some kind of referral link for example, then it might look like pyramidscheme.com/special-offer?associate_id=455&source=facebook. It might be esoteric too, like the "igsh" param in OP's post (which I assume is short for "Instagram share" or something?). That WOULD be a privacy concern.

So yeah... Often you can eyeball it and figure out what (if anything) to remove... And if in doubt, try chopping off the question mark and everything following it, and see if the URL still works.

[–] [email protected] 4 points 2 weeks ago (1 children)

But don't stop there, they can also put in some BS in the regular URL bit. Amazon does this, so my solution is to chop off segments between forward slashes and try the URL until it ends up not working, then paste the smallest version of the URL that works.

Or fire up incognito or a private window (or whatever your browser calls it) and search for it directly from the webpage. So for amazon, just open up amazon.com and search for the product name. Even if it has tracking BS, it'll be a lot less than if you used it from a window where you were logged in.