this post was submitted on 18 Oct 2024
174 points (99.4% liked)

privacy

2937 readers
1 users here now

Big tech and governments are monitoring and recording your eating activities. c/Privacy provides tips and tricks to protect your privacy against global surveillance.

Partners:

founded 2 years ago
MODERATORS
 

Earlier today I came across a Reddit comment with a link to an Instagram post. The link had ?igsh= at the end.

When I clicked on the link, I got this popup. It had a name and profile photo that was different from that of the post being shared.

Join Firstname Lastname on Instagram

See photos, videos, and more from Firstname Lastname.

[ Open Instagram ]

not now

I avoid link trackers. However, I did not realize it was this bad.

To my knowledge, TikTok does the same thing and lists the name of the person that shared the link. Assuming this increases engagement, any website could enable such a feature, even on old links that you shared in the past.

You should manually remove any trackers before sharing, or use an app for it.

top 20 comments
sorted by: hot top controversial new old
[–] [email protected] 67 points 2 weeks ago (4 children)

Firefox has an option called copy link without trackers on their desktop version which covers a lot of this.

[–] [email protected] 20 points 2 weeks ago (3 children)

It doesn't cover YouTube link trackers :/

[–] [email protected] 16 points 2 weeks ago

Yeah I was surprised about it. That tracking parameter is one that I notice the most and almost everyone includes it. It made me think that feature is either broken, or in misunderstanding what it supposed to do.

[–] [email protected] 7 points 2 weeks ago (2 children)

I use an extension that handles A LOT of these unneeded parameters for me on desktop FF, and on Android i use an app that does some processing on URLs, among it cleaning URLs, as my default browser so it gets to URLs before i open any. This saves me some manual handling.

[–] [email protected] 6 points 2 weeks ago

ClearURLs is the only thing that works for me. Adguard and Firefox have tracking removal features, but they don't seem to work most of the time.

[–] [email protected] 3 points 2 weeks ago

Untracker lets you copy links on Android without tracking parameters, but it's so annoying in YouTube. I have to click the share button to get the fake YouTube share menu and then swipe past preferred options that I never use to reach the "more" option that reveals the real share menu and then select Untracker to see the link and then it gives me the option to copy (for sharing) or share (which also gives the option to copy). Often going through this process causes YouTube to stop playing.

[–] [email protected] 2 points 2 weeks ago (1 children)

It does remove ?feature=shared and ?si=... from youtu.be links. Maybe not from youtube.com links, though I'm not sure how people get those in the first place.

[–] Longmactoppedup 3 points 2 weeks ago (1 children)

Pipepipe share just gives YouTube.com links. Like this:

https://www.youtube.com/watch?v=HUUy3mnAhCE

Is there tracking in that URL?

[–] [email protected] 3 points 2 weeks ago

Nope, that's clean. HUUy3mnAhCE is just the ID of the video itself, not a unique identifier for your sharing of this video.

[–] [email protected] 5 points 2 weeks ago

Safari too, part of default tracking prevention, though both browsers miss a lot of tracker types, so extensions are still needed to handle the rest.

[–] [email protected] 2 points 2 weeks ago

Firefox has an option called copy link without trackers

Thunderbird also does that . (Not surprising since it's also a Mozilla project)

[–] [email protected] 1 points 2 weeks ago

Most browsers do but it's literally never worked for me. There is a very popular browser extension that will strip them though.

[–] [email protected] 53 points 2 weeks ago* (last edited 2 weeks ago) (1 children)

For anyone who wants to take this seriously but doesn't know what to do:

TL;DR: Chop off everything after the question mark.

Usually these trackers are at the end of the URL, after a ?. That's called the "query string parameters" of the URL, and it's where developers will attach extra information for the server or page. Often, those are benign and useful: It's a token that identifies you to the server, or it's context about what you're trying to do. Sometimes you can eyeball the query string params and guess what they do, e.g.:

coolvideos.com/videos/5432?fullscreen=true&autoplay=true&time=12021

or

cheapshoes.com/search?query=adidas+tennis&category=womens&filter=discounted

or

https://m.youtube.com/watch?v=dQw4w9WgXcQ

If you chopped off everything after the question mark, the URL should still work, it'd just give you a default version of that page. In these examples, there would be no privacy risk to sharing the URLs somewhere.

But query string params are also where alot of marketing/tracking bullshit goes. When you see URLs with UTM params like "utm_medium" and "utm_campaign", that's marketing bullshit. They can also contain info about who you are, like what OP is describing: If it's some kind of referral link for example, then it might look like pyramidscheme.com/special-offer?associate_id=455&source=facebook. It might be esoteric too, like the "igsh" param in OP's post (which I assume is short for "Instagram share" or something?). That WOULD be a privacy concern.

So yeah... Often you can eyeball it and figure out what (if anything) to remove... And if in doubt, try chopping off the question mark and everything following it, and see if the URL still works.

[–] [email protected] 4 points 2 weeks ago (1 children)

But don't stop there, they can also put in some BS in the regular URL bit. Amazon does this, so my solution is to chop off segments between forward slashes and try the URL until it ends up not working, then paste the smallest version of the URL that works.

Or fire up incognito or a private window (or whatever your browser calls it) and search for it directly from the webpage. So for amazon, just open up amazon.com and search for the product name. Even if it has tracking BS, it'll be a lot less than if you used it from a window where you were logged in.

[–] [email protected] 10 points 2 weeks ago (1 children)

Pretty much every site on the internet is using tracker links at this point. And many times they won't even be visible if you click or hover on them.

For instance, on Facebook literally any link you click will look like a normal link but when you click on it, it sends you to a tracking domain at l.facebook.com. I just blocked the entire domain. If there's an Instagram or YouTube video posted it'll actually hide the link altogether, and even the title, so there's literally no way you can reach that content without going through their tracking service.

[–] [email protected] 1 points 2 weeks ago* (last edited 2 weeks ago) (1 children)

I cant believe lemmy is using tracker links

The internet is much bigger than the few websites that track links

[–] [email protected] 2 points 2 weeks ago (1 children)
[–] [email protected] 4 points 2 weeks ago
[–] [email protected] 7 points 2 weeks ago

I get around this by not using dogshit platforms.