I’ve noticed a rise in people sharing links to YouTube, Instagram, Twitter, TikTok, and reddit that include tracking parameters in the URL.

It might largely be harmless for now, but it’s not good to let companies build a web of links between users of this site, and to link the usernames of users on this site to their off-site accounts, which may include sensitive info.

SM URL Part Appearance in URL Filtration technique
Youtube Query ?si=* Remove query string
Instagram Query ?igshid=* Remove query string
Twitter Query ?t= Remove query string
Tiktok Subdomain and path (vm/vt).tiktok.com/(random_string) Block
reddit Path /(sub_name)/s/(random_string) Block

This site should only allow canonical links to the content to limit the information exposed.

  • JoeByeThen [he/him, they/them]@hexbear.net
    link
    fedilink
    English
    arrow-up
    3
    ·
    edit-2
    11 months ago

    What likely happened was that someone found and took advantage of an instagram exploit that allowed for cross site scripting. In other words, the instagram server allowed for a 3rd party server to steal cookies or something like that from the instagram session. It’s very likely that whatever code was executed (or instagram fixing the exploit) just resulted in the users being redirected to their main account or whatever so it didn’t look like anything out of the ordinary.