I’ve noticed a rise in people sharing links to YouTube, Instagram, Twitter, TikTok, and reddit that include tracking parameters in the URL.

It might largely be harmless for now, but it’s not good to let companies build a web of links between users of this site, and to link the usernames of users on this site to their off-site accounts, which may include sensitive info.

SM URL Part Appearance in URL Filtration technique
Youtube Query ?si=* Remove query string
Instagram Query ?igshid=* Remove query string
Twitter Query ?t= Remove query string
Tiktok Subdomain and path (vm/vt).tiktok.com/(random_string) Block
reddit Path /(sub_name)/s/(random_string) Block

This site should only allow canonical links to the content to limit the information exposed.

  • aaro [they/them, she/her]@hexbear.net
    link
    fedilink
    English
    arrow-up
    15
    ·
    edit-2
    11 months ago

    Tiktok links can be scrubbed of their tracking by resolving them one time, letting the 9-character random alphanumeric unique string be resolved out in a web browser upon visit to a 19-character numeric only video identifier plus separated tracking parameters, and then cleaning up the GET parameters that come out when you resolve it. See this post I made a while ago https://hexbear.net/post/216322?scrollToComments=false

    • What_Religion_R_They [none/use name]@hexbear.netOP
      link
      fedilink
      English
      arrow-up
      12
      ·
      11 months ago

      Really good point, but in my opinion this should be left to the person doing the posting. If Hexbear implements this link resolution on the server, it could potentially be used to link the user to Hexbear itself. Again, very paranoid, but I think it’s more pragmatic to just block. Alternatively, proxitok can be used to resolve the deobfuscated URL, thereby the user isn’t linked back to Hexbear, but this is significantly more complicated and leaves Hexbear dependent on a third-party service.