I’ve noticed a rise in people sharing links to YouTube, Instagram, Twitter, TikTok, and reddit that include tracking parameters in the URL.

It might largely be harmless for now, but it’s not good to let companies build a web of links between users of this site, and to link the usernames of users on this site to their off-site accounts, which may include sensitive info.

SM URL Part Appearance in URL Filtration technique
Youtube Query ?si=* Remove query string
Instagram Query ?igshid=* Remove query string
Twitter Query ?t= Remove query string
Tiktok Subdomain and path (vm/vt).tiktok.com/(random_string) Block
reddit Path /(sub_name)/s/(random_string) Block

This site should only allow canonical links to the content to limit the information exposed.

52 points

yup. tiktok keeps recommending me to add a user here as a friend because I clicked through from a tracking link on hexbear months ago now.

permalink
report
reply
21 points

:oh-shit:

permalink
report
parent
reply
10 points

Yeah I’ve followed half a dozen people from here. Y’all repost good shit.

permalink
report
parent
reply

the word “hextok” enters my mind unbidden… who knows what forces we have unleashed

permalink
report
parent
reply

Yeah… As much as I wish it were not a problem for this site to solve, much like nitter/invidious/etc. links were better solved by a browser extension, It’s such a dangerous practice to allow this for a place that values opsec, that I really think we should get to work on it. Maybe upstream lemmy would accept it as well, we certainly aren’t the only privacy focused instance out there.

Another one I’d add:

SM URL Part Appearance in URL Filtration technique
StackExchange Path /<answer_id>/<referrer_id> Remove final path element
permalink
report
reply

Yeah, maybe it’s better to take it to dessalines instead of keeping it on hb

StackExchange

Good call especially since we know the FBI used data from them in one high-profile sting already lol

permalink
report
parent
reply
9 points
*

I am very much in favor of getting as many of these as convenient off Hexbear. I made a smaller thread about I think the twitter ones a long time ago and it didn’t go anywhere at the time.

Don’t forget the general purpose UTM ones:

utm_content=site-enterprise-button&utm_source=organic&utm_medium=website&utm_campaign=null

These are used across the net, various sites document what they are, like this one: https://mailchimp.com/resources/utm-links/

permalink
report
parent
reply
28 points
*

Agreed. This should be easy enough to implement, no?

EDIT: if we’re scrubbing metadata from posted images we should absolutely be doing this.

permalink
report
reply
16 points

we scrub metadata from images uploaded to hexbear

permalink
report
parent
reply
12 points

Oh I know, I mean that the precedent of metadata scrubbing points toward url cleaning as well, imo.

permalink
report
parent
reply
15 points

ah, yeah, our devs are looking into the url cleaning

permalink
report
parent
reply

Now that the thread quietened down, I did want to comment on image sharing as well. We already know that Facebook implements tracking in metadata, but there is a concern that they might resort to advanced steganography to link images shared on other sites to their origins. If you’re familiar with unsee(.)cc, they implement this by just straight up plastering your IP over the image, but this could be taken further by encoding dots or some wave pattern. Combatting this is really difficult, and I don’t expect us to be able to do much. Personally I’ve been applying a slight imperceptible distortion to images which I shared from somewhere I expect to get tracked on, but that’s extremely overkill. Just wanted to share, since I doubt I’ll get another outlet.

permalink
report
parent
reply
28 points

Firefox started to have “copy without site tracking” on right click as an option.

Doesn’t always work, but at least it’s something. There might websites that do that too, but people here also forget to use archive links so idk how enforceable it is.

At least there’s the bot comments that do a private front end for links to big sites sometimes, but yeah people should be more careful about helping to build shadow profiles that’ll probably exist regardless.

permalink
report
reply

Doesn’t always work, but at least it’s something

The ClearURLs extension has a very robust link copying tool, but I think if we’re relying on the users to have initiative about link cleaning then we’re only as private as the least compliant users on this site.

permalink
report
parent
reply
25 points

The ClearURLs extension is a great for this as it automatically removes the tracking bit from major sites. It doesn’t detect everything though so still good to be wary

permalink
report
reply
7 points

Thanks for the rec, just added this to my browser

permalink
report
parent
reply

hexbear

!hexbear@hexbear.net

Create post

Now that the old Hexbear fork has been officially abandoned, this community will be used as a space for meta-discussion on the site itself.

Community stats

  • 227

    Monthly active users

  • 170

    Posts

  • 1.7K

    Comments