cross-posted from: https://lemmy.ca/post/31187638

Earlier today I came across a Reddit comment with a link to an Instagram post. The link had ?igsh= at the end.

When I clicked on the link, I got this popup. It had a name and profile photo that was different from that of the post being shared.

Join Firstname Lastname on Instagram

See photos, videos, and more from Firstname Lastname.

[ Open Instagram ]

not now

I avoid link trackers. However, I did not realize it was this bad.

To my knowledge, TikTok does the same thing and lists the name of the person that shared the link. Assuming this increases engagement, any website could enable such a feature, even on old links that you shared in the past.

You should manually remove any trackers before sharing, or use an app for it.

  • tal@lemmy.today
    link
    fedilink
    English
    arrow-up
    103
    arrow-down
    2
    ·
    edit-2
    18 days ago

    I tend to manually strip out anything random hash-looking from URLs. Not so much because I’m worried about identity being exposed, but because it just encourages data-mining and figuring out what causes people to post links places.

    There’s some open-source app I recall on Android in F-Droid that will do this for a set of known sites, “Link Cleaner” or something.

    kagis

    “Leon – URL Cleaner”. I assume that this is an allusion to the movie.

    https://github.com/svenjacobs/leon

    I also strip off the extension that the Wikipedia app adds to indicate that Wikipedia links are from the app.

    I also strip off “m.” leading URLs, like “m.wikipedia.org”, since that, by convention, forces desktop users to see a mobile version of a site, which is not normally what they want, whereas a non-.m link will still show the mobile site to mobile users.

    • oce 🐆@jlai.lu
      link
      fedilink
      arrow-up
      46
      ·
      18 days ago

      Latest versions of Firefox offer to copy and paste URL without trackers. I am not sure how it compares to specialized tools.

      • tb_@lemmy.world
        link
        fedilink
        arrow-up
        15
        ·
        18 days ago

        uBlock Origin also has a filter built-in, though you have to enable it. It’s under Filter Lists > Privacy > AdGuard URL Tracking Protection

        • JadenSmith@sh.itjust.works
          link
          fedilink
          arrow-up
          4
          ·
          18 days ago

          Thank you, I had no idea. Already had uBlock Origin on my phone (FF), so that’s one less extension needed. Works perfectly!

    • tb_@lemmy.world
      link
      fedilink
      arrow-up
      17
      ·
      18 days ago

      Generally anything that comes after a questionmark in a URL can be safely stripped out, though not always. The random string of characters you get after a youtu.be link is tracking, the ?t=123 is a timestamp.

      • Ephera@lemmy.ml
        link
        fedilink
        arrow-up
        7
        ·
        18 days ago

        YouTube has an even better example of it being problematic to strip the parameters. The original video links look like this:

        https://www.youtube.com/watch?v=dQw4w9WgXcQ
        

        The thing is, the stuff after the question mark isn’t inherently bad, we just have the convention that the path (/watch) should identify a static resource on the server, whereas the stuff after the question mark is more variable or user-specific.

        But YouTube is older than that convention. If YouTube got built today, that URL would look more like this:

        https://www.youtube.com/watch/dQw4w9WgXcQ
        

        On the other hand, the URL of a specific search result page would still look the same, even with today’s conventions, because it doesn’t identify a static resource:

        https://www.youtube.com/results?search_query=never+gonna+give+you+up
        
    • kambusha@sh.itjust.works
      link
      fedilink
      arrow-up
      10
      ·
      edit-2
      18 days ago

      URLCheck may be the app you’re thinking of.

      Edit: the way it works, is that you set it up as your default browser. Then, whenever you hit a link, it will open up URLCheck first, and you’ll get to decide what to do with the link, strip away query parameters, and which app to open the link with.

      • CrayonRosary@lemmy.world
        link
        fedilink
        English
        arrow-up
        2
        ·
        16 days ago

        you set it up as your default browser

        You don’t have to. You can just copy any URL and share it to the app. Then copy it from the app.

      • otter@lemmy.dbzer0.com
        link
        fedilink
        English
        arrow-up
        4
        arrow-down
        5
        ·
        18 days ago
        1. Setting anything as your default “browser” when it’s not a browser is only a little sus — “open” source, or no.

        2. Don’t share a link if you can’t find its complete “verbose” version.

        3. 🤷🏽‍♂️🤞🏽

        • MicrowavedTea@infosec.pub
          link
          fedilink
          arrow-up
          3
          ·
          18 days ago

          How is it more “sus” than setting any other application as default browser? It needs to be default because that’s how Android works.

        • Cheradenine@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          1
          ·
          18 days ago

          You can also set default browser to ‘none’ then anytime you tap a link a list of browsers and things like Leon, URL check etc. will pop up. In any case they don’t require internet access to work.

    • Asifall@lemmy.world
      link
      fedilink
      arrow-up
      7
      ·
      18 days ago

      Yeah I have a habit of doing this and then testing the link to find the smallest possible version. Mostly because I find it annoying when I want to text a link to someone and it takes up an entire page of the chat.

    • wrekone@lemmyf.uk
      link
      fedilink
      arrow-up
      3
      ·
      18 days ago

      Leon is great. I try to remember to use it anytime I share a link. As a result, I have found that that some links are just the base url plus a UUID (e.g. mycoolshoppingsite.com/GAJEBKT), so you can’t strip out the tracking without breaking the link entirely.