Earlier today I came across a Reddit comment with a link to an Instagram post. The link had ?igsh= at the end.
When I clicked on the link, I got this popup. It had a name and profile photo that was different from that of the post being shared.
Join Firstname Lastname on Instagram
See photos, videos, and more from Firstname Lastname.
[ Open Instagram ]
not now
I avoid link trackers. However, I did not realize it was this bad.
To my knowledge, TikTok does the same thing and lists the name of the person that shared the link. Assuming this increases engagement, any website could enable such a feature, even on old links that you shared in the past.
You should manually remove any trackers before sharing, or use an app for it.
Pretty much every site on the internet is using tracker links at this point. And many times they won’t even be visible if you click or hover on them.
For instance, on Facebook literally any link you click will look like a normal link but when you click on it, it sends you to a tracking domain at l.facebook.com. I just blocked the entire domain. If there’s an Instagram or YouTube video posted it’ll actually hide the link altogether, and even the title, so there’s literally no way you can reach that content without going through their tracking service.
I cant believe lemmy is using tracker links
The internet is much bigger than the few websites that track links
For anyone who wants to take this seriously but doesn’t know what to do:
TL;DR: Chop off everything after the question mark.
Usually these trackers are at the end of the URL, after a ?. That’s called the “query string parameters” of the URL, and it’s where developers will attach extra information for the server or page. Often, those are benign and useful: It’s a token that identifies you to the server, or it’s context about what you’re trying to do. Sometimes you can eyeball the query string params and guess what they do, e.g.:
coolvideos.com/videos/5432?fullscreen=true&autoplay=true&time=12021
or
cheapshoes.com/search?query=adidas+tennis&category=womens&filter=discounted
or
https://m.youtube.com/watch?v=dQw4w9WgXcQ
If you chopped off everything after the question mark, the URL should still work, it’d just give you a default version of that page. In these examples, there would be no privacy risk to sharing the URLs somewhere.
But query string params are also where alot of marketing/tracking bullshit goes. When you see URLs with UTM params like “utm_medium” and “utm_campaign”, that’s marketing bullshit. They can also contain info about who you are, like what OP is describing: If it’s some kind of referral link for example, then it might look like pyramidscheme.com/special-offer?associate_id=455&source=facebook. It might be esoteric too, like the “igsh” param in OP’s post (which I assume is short for “Instagram share” or something?). That WOULD be a privacy concern.
So yeah… Often you can eyeball it and figure out what (if anything) to remove… And if in doubt, try chopping off the question mark and everything following it, and see if the URL still works.
But don’t stop there, they can also put in some BS in the regular URL bit. Amazon does this, so my solution is to chop off segments between forward slashes and try the URL until it ends up not working, then paste the smallest version of the URL that works.
Or fire up incognito or a private window (or whatever your browser calls it) and search for it directly from the webpage. So for amazon, just open up amazon.com and search for the product name. Even if it has tracking BS, it’ll be a lot less than if you used it from a window where you were logged in.
Firefox has an option called copy link without trackers on their desktop version which covers a lot of this.
Most browsers do but it’s literally never worked for me. There is a very popular browser extension that will strip them though.
It doesn’t cover YouTube link trackers :/
Yeah I was surprised about it. That tracking parameter is one that I notice the most and almost everyone includes it. It made me think that feature is either broken, or in misunderstanding what it supposed to do.
I use an extension that handles A LOT of these unneeded parameters for me on desktop FF, and on Android i use an app that does some processing on URLs, among it cleaning URLs, as my default browser so it gets to URLs before i open any. This saves me some manual handling.
ClearURLs is the only thing that works for me. Adguard and Firefox have tracking removal features, but they don’t seem to work most of the time.
Untracker lets you copy links on Android without tracking parameters, but it’s so annoying in YouTube. I have to click the share button to get the fake YouTube share menu and then swipe past preferred options that I never use to reach the “more” option that reveals the real share menu and then select Untracker to see the link and then it gives me the option to copy (for sharing) or share (which also gives the option to copy). Often going through this process causes YouTube to stop playing.
It does remove
?feature=sharedand?si=...fromyoutu.belinks. Maybe not fromyoutube.comlinks, though I’m not sure how people get those in the first place.Pipepipe share just gives YouTube.com links. Like this:
https://www.youtube.com/watch?v=HUUy3mnAhCE
Is there tracking in that URL?
Nope, that’s clean.
HUUy3mnAhCEis just the ID of the video itself, not a unique identifier for your sharing of this video.
Safari too, part of default tracking prevention, though both browsers miss a lot of tracker types, so extensions are still needed to handle the rest.
