I’ve noticed a rise in people sharing links to YouTube, Instagram, Twitter, TikTok, and reddit that include tracking parameters in the URL.
It might largely be harmless for now, but it’s not good to let companies build a web of links between users of this site, and to link the usernames of users on this site to their off-site accounts, which may include sensitive info.
SM | URL Part | Appearance in URL | Filtration technique |
---|---|---|---|
Youtube | Query | ?si=* | Remove query string |
Query | ?igshid=* | Remove query string | |
Query | ?t= | Remove query string | |
Tiktok | Subdomain and path | (vm/vt).tiktok.com/(random_string) | Block |
Path | /(sub_name)/s/(random_string) | Block |
This site should only allow canonical links to the content to limit the information exposed.
Agreed. This should be easy enough to implement, no?
EDIT: if we’re scrubbing metadata from posted images we should absolutely be doing this.
we scrub metadata from images uploaded to hexbear
Oh I know, I mean that the precedent of metadata scrubbing points toward url cleaning as well, imo.
ah, yeah, our devs are looking into the url cleaning
Now that the thread quietened down, I did want to comment on image sharing as well. We already know that Facebook implements tracking in metadata, but there is a concern that they might resort to advanced steganography to link images shared on other sites to their origins. If you’re familiar with unsee(.)cc, they implement this by just straight up plastering your IP over the image, but this could be taken further by encoding dots or some wave pattern. Combatting this is really difficult, and I don’t expect us to be able to do much. Personally I’ve been applying a slight imperceptible distortion to images which I shared from somewhere I expect to get tracked on, but that’s extremely overkill. Just wanted to share, since I doubt I’ll get another outlet.