this post was submitted on 29 Nov 2023
972 points (99.1% liked)

Technology

59168 readers
2104 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
 

cross-posted from: https://lemmy.world/post/8834978

No need to remove the URL tracking parameters manually. 🥳

Firefox copy link without site tracking

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 56 points 11 months ago (5 children)

What this has done for me has highlighted how many things are tracker me and how badly those things are designed because they don't fail gracefully.

I had a telehealth visit link today that broke using this feature. So that's nice to know. My virtual doctors appointments are being tracked by a third party.

[–] [email protected] 37 points 11 months ago* (last edited 11 months ago) (2 children)

Edit, looks like Firefox is smarter than me, ignore this.

I don’t know what the link was doing, but just because FF thought it was “tracking info” does not mean it was nefarious. It could be used for authentication or security. I have not tested it, but I presume this would break a “reset your password” email link.

[–] [email protected] 10 points 11 months ago

So click the regular copy button instead?

[–] [email protected] 8 points 11 months ago (2 children)

I'm rather certain, the way it works is that it removes parameters that are named like well-known tracking parameters. For example, most webpages use Google Analytics, so you see UTM parameters everywhere.

A "reset your password" link could theoretically use a parameter that's named utm_content, then it would presumably get removed by this feature, but I see no sane reason why one would name their password-reset parameter like that.
In general, such tracking parameters are usually named in a way that it will rarely clash with other parameters a webpage may want to use, so for example they may have a prefix like utm_.

[–] [email protected] 1 points 11 months ago

Looking at some comments on the linked post, I think you are right, and it would probably be fine for things like a password reset. I could play around with it, but my laptop is in the other room.

[–] [email protected] 1 points 11 months ago (1 children)

Oh, so it's not just stripping the GET parameters? Okay, that's smarter than I was assuming

[–] [email protected] 1 points 11 months ago

Stripping all GET parameters would break many, many legitimate webpages. 🫠

[–] [email protected] 21 points 11 months ago

Umm, your telehealth link was basically a one time password to log you in/authenticate you.

This feature is for browsing the web where you shouldn’t have to identify yourself to visit a blog about Ravens. If you’re visiting your bank, a service you already use, etc, then the unique url was more for them to confirm it’s you because only you have that unique url.

[–] [email protected] 1 points 11 months ago

This is a good step forward for privacy. However, how it’ll handle data embedded in the URL like MVC?

Also, if it does work well, it’s a matter of time until developers find a way to get around it and probably enhance and increase data collected in the process.

[–] [email protected] 1 points 11 months ago

It's just the GET parameters it's stripping, those can be used for all sorts of things to pass information to a website to be used as variables for all manner of innocuous things... They just get (ab)used by trackers more than normal web traffic since most of the other uses comes from a site that can pass that as a POST instead, which embeds the parameters in the request header rather than making the URL a mile long, and wouldn't be useful (and could actually be problematic) to be shared with others as part of copying it