No need to remove the URL tracking parameters manually. π₯³
They should make this the default.
Or a setting that makes it the default.
I don't like any software I use to destroy data (even tracking data) without my say so.
Hmm, I agree with you 100%, but power of defaults is how big companies get average consumers. Maybe Firefox should make it default with a setting to turn it on?
A setting titled "allow copying of tracking data", a lot of people won't allow.
Fight fire with fire.
This just:
Encourages companies to try to work around it
More importantly, possibly breaks important functionality
It's like saying GDPR encourages companies to try work around data protection, so it should not be implemented.
It's not like that at all.
Links support parameters for a reason, and I promise you that the main reason isn't tracking. They can convey important info like the language, search parameters, a specific comment, etc.
Removing them willy-nilly by default is going to cause issue sooner or later, and then people are going to blame Firefox for "not working" and are just gonna switch to Chrome because "it just works".
That's not what we want is it?
As I understand now it removes only limited set of query strings
Yeah but the list is hardcoded. Collisions can happen.
Also, since it's hardcoded, it's easily gameable, and it will be gamed if too many people start filtering them out.
It's a good start but a bad solution overall
"utm_" collisions?
The trackers can be renamed to anything that's regularly used in other places.
Pushing to make this a default will only harm the small minority that might be enjoying the benefits right now.
If you wanted to do this and make it default, I believe you should be able to do so using userChrome.css. You won't be able to change the text, but you can remove the old menu item.
I'm unlikely to use the menu button, I generally use Ctrl+C/Cmd+C. I'll have to poke around and see if there's an option to set that shortcut.
Correct me if I am wrong, but I don't think you would be able to do this as ctrl+c copies what is highlighted rather than the actual link.
I just want a shortcut for "copy without tracking" on the current tab instead of having to use the context menu. I'm fine with it not being "Ctrl+C," as long as it's reasonably easy to remember, like maybe "Ctrl+Shift+C" or even a sequence of commands (i.e. select address bar, then special copy command).
Likewise, there should be an easy way to open a link without trackers, like "Ctrl+shift+click" or something.
Or at least the option to make it the default. I could see some situations where someone may want to test a link with non-identifying parameters (like identifying the campaign source), and not wanting to have that stripped from the URL by default.
But I get you, from a consumer perspective I'd also want it as my default.
In the meantime, there's ClearURLs or uBlock Origin with filter lists.
Doesnβt it just clean up the link or does Firefox actually know which part of the link to remove?
What do you mean?
How does it know what part of the link is the site tracking?
Looks like it has a list of global and site specific parameters that it is safe to remove.
Generally, most are variables prefixed with utm_
They likely built an index from most of the Analytics services also.
I think it's a combination of things, a basic approach of removing the query string (after the question mark) with exceptions for different sites that might need some of the query string.
Itβs not the default because it can break links sometimes, like links that have authentication details in the parameters.
There's an addon I use for the Android version that does this by default.
It does miss some queryparams though but it dramatically reduces the URL size for the big offending sites.
Firefox user for many, many, many years. I tried chrome once and was dismayed at how sluggish it was, hogging ram & cpu.
FF just gets better and better with every update. I'm amazed that more people aren't using it.
At my school, firefox on the computers are not updated at all so it's using the very old firefox. Even then, it's not that slow. Now the current update is way more modern but it does have the weird stuff like pocket and very weird advertisements bookmarked on the front page. You'll get a much better experience after you do all the adjustments of removing everything and installing the proper extensions, maybe a little arkenfox too.
That's interesting to hear. How come they aren't updating?
Tbh I don't mind those 'ads' you speak of, not sure if we're talking about the same thing because for me it's mostly articles, often quite interesting stuff that I wouldn't have seen elsewhere. Will have a look into arkenfox now as never heard of that
i had i siminular problem in college, they used a program to "freeze" the wi dlws stage, so it reset the state in every boot, but they didn't updated the pc in years
Here's an amazon link both without and with that feature being used, for comparison. (The tracking one was created in incognito mode, because I don't know what sort of things it might reveal about me otherwise)
What do the parts it left on do? The encoding is innocuous enough but I don't know what it's doing with ref or th. I usually sanitize links myself and I'd have brought that one down to either
, depending on how much I cared at the time. I kind of expected firefox to bring it down to the first version.
Not sure what th is, but ref is the referrer's ID, which gives the referrer a referral / affiliate bonus if you purchase the item using that link. In theory it's not a bad way to support the referrer and it's not linked to you as an individual personally. You can remove it of course if you feel like they don't deserve the money for referring you to a deal. In the end ref or no ref the price of the item remains the same for you.
I think firefox leaves the ref in intentionally.
I opened amazon in incognito then clicked on a random item from their front page, which was advertising their cyber monday deals at the time. In that case would it just be letting amazon know that that's how I ended up on that page, without serving any other real purpose?
The "ref" param is clearly a tracking breadcrumb, but not sure what the "th" param is. So this is "better" than nothing, but still has room for improvement. "_encoding" is fine, but UTF-8 should be a default for most users anyways.
Hm, copying the first link "without site tracking" still gives me this:
tbf, out of all the programming languages c++ is the worst in terms of DX and readability. Even worse than java, which I despised so much
I don't know the relevant programming languages so I don't know what to search for, but generally, if you want to find something in the Firefox source code, supposedly https://searchfox.org is a great way to do that.
Well yeah but building in privacy-enhancing features like this is a great strategy for FF.
I'm curious whether this sweet feature alone will decrease data greedy websites revenue in $ millions
It won't
Is it available for Firefox android ?
As of this writing, it doesn't look like it.
As @SatyrSack@lemmy.one here mentioned, URLChecker is a good way to manipulate a URL before opening it.
It does look like a really good app and idea, but I'm wondering if it's really necessary on mobile devices. Usually, I don't go around clicking on all kinds of links I shouldn't, so I'm wondering what exact purpose it accomplishes. Genuinely looking for input here.
If anything, URLCheck is even more necessary on mobile devices, particularly iOS where Firefox is just reskinned Safari. On Firefox for Android, you could install the ClearURLs extension, or use uBlock Origin filter lists.
With that said, there are other use cases. For example: Friends or family might share URLs from social media. They often contain unique identifiers that you can strip before clicking the link by using URLCheck.
Good points. I was under the impression, though, that the extension doesn't exist for mobile Firefox yet.
It prevents apps from opening links in your browser directly, since they have to go through URLCheck first. Let's say you click a link in your email, and instead it opens a "google.com/url?q=https://amazon.com" or a "safelinks.outlook.com/?url=..." instead of just taking you to Amazon.com. URLCheck will get rid of the unnecessary redirection and allow you to go directly to the site.
Adding onto that, my pet peeve with email links is them showing you a link that says Amazon.com, but then you go to click the link it opens a bunch of email tracking links before finally taking you to Amazon.com. With URLCheck you can actually stop these links from opening, and go to the website directly in the browser yourself.
If you're familiar with that issue that popped up regarding ".zip" domain names, and how they can be engineered to look like an official URL, this is a non issue as you'll get a warning if any link contains malicious unicode characters that could be mistaken for something else
Also, if you have multiple apps that can handle a link (maybe different youtube apps like libretube, newpipe, grayjay), you can pick which one to open after clicking a link. Android does have a stock app picker, but it's very easy to mistakenly set an app as default.
Android apps can also track what apps triggered them to open - URLCheck can mask this, and even set some advanced flags for how the link handler app should be opened.
To be honest after using it for a while, I really wish there was something similar available for desktop
On Android you can install LinkCleaner as a PWA using a chromium browser, it will show up as an option when sharing a link from Firefox or any other app.
Can someone ELI5 what is the difference with normal link sharing?
Does it change for the end user something or what? I ask because I almost never share stuff from my browsers, but I do from some apps such as social media or Sync for Lemmy/Voyager.
it just removes all the crap at the end of a link
Generally a link tells a browser where to find something on the Web, but you can stuff it with additional information so that when a server receives a request for that something, it will know how the browser got that link.
This feature strip's out that additional information.
Try to copy an Amazon link with and without this option and you'll see
Ok, I'll try.
Try to copy an Amazon link with and without this option and you'll see
Try to copy an Amazon link with and without this option and you'll see
Based Firefox
Is there an about:config setting to make this the default action or are we gonna have to be patient for that?
I looked for it in about:config, but I couldn't narrow it down and see which parameter it was (if it's even in there at all yet).
Great for desktop/laptop, but I'm waiting for them to release it on mobile as well. At the very least, if they have, Mull hasn't added it yet.
Semi-off-topic, but is there anything like a smarter clipboard on Android that can remove tracking details on paste (would be different from a plain paste)?
Not quite the same thing, but if you install LinkCleaner as a PWA using a chromium browser, it will show up as an option when sharing the link. Then you can copy to the clipboard or share it elsewhere.
Why would i ever have a link with tracking?
What do you mean? Tons of links on the web have trackers appended to the URL.
Pretty sure they are asking, "Why would I ever want the tracking copied, why is this relegated to a bespoke option instead of being the default behavior?"
I think it's good to have a normal copy along with this remove tracking one. In case for some reason removing tracking messes something up with the link and makes it not work. It's always nice to have options rather than just doing it automatically.
agree with you about having options, but swap it around. have copy without trackers be "copy link", and then have an option "copy link with trackers"
I disagree. I think the default option should be what users expect, and users expect "copy" to do exactly that: copy without modifying the text.
I think we could have an about:config tweak to make copying links always remove trackers
account activation links often have tracking required for them to work
The fact is that there is no surefire way to get rid only of tracking parameters, because they can mix in with other legit ones that if removed would break the website you're visiting.
Last I heard, Facebook had rolled out some encrypted URL parameters, so the collective mapping efforts to manually identify parameters only used for tracking on each different website could very well be nullified if many implement something evil as that
Mentioning Brave is like subscribing to downvotes. π
Indeed, but it's true - Brave did bring this feature long ago. It's a good thing for us, let multiple browsers try to one up each other on privacy focused features.
That's true, this was one thing that was slightly annoying when I made the move from brave to Firefox. But I mean, I wouldn't really characterise this as a reliable security feature. If you don't manually check your URL before hitting return anyway, you're going to be less secure than without the feature
As a Brave user I'm well aware ... of all of the above π
They should make this the default.
Or a setting that makes it the default.
I don't like any software I use to destroy data (even tracking data) without my say so.
Hmm, I agree with you 100%, but power of defaults is how big companies get average consumers. Maybe Firefox should make it default with a setting to turn it on?
A setting titled "allow copying of tracking data", a lot of people won't allow.
Fight fire with fire.
This just:
Encourages companies to try to work around it
More importantly, possibly breaks important functionality
It's like saying GDPR encourages companies to try work around data protection, so it should not be implemented.
It's not like that at all.
Links support parameters for a reason, and I promise you that the main reason isn't tracking. They can convey important info like the language, search parameters, a specific comment, etc.
Removing them willy-nilly by default is going to cause issue sooner or later, and then people are going to blame Firefox for "not working" and are just gonna switch to Chrome because "it just works".
That's not what we want is it?
As I understand now it removes only limited set of query strings
Yeah but the list is hardcoded. Collisions can happen.
Also, since it's hardcoded, it's easily gameable, and it will be gamed if too many people start filtering them out.
It's a good start but a bad solution overall
"utm_" collisions?
The trackers can be renamed to anything that's regularly used in other places.
Pushing to make this a default will only harm the small minority that might be enjoying the benefits right now.
At least with the current way it's set up.
Opt-out then, the majority won't care
If you wanted to do this and make it default, I believe you should be able to do so using userChrome.css. You won't be able to change the text, but you can remove the old menu item.
I'm unlikely to use the menu button, I generally use Ctrl+C/Cmd+C. I'll have to poke around and see if there's an option to set that shortcut.
Correct me if I am wrong, but I don't think you would be able to do this as ctrl+c copies what is highlighted rather than the actual link.
I just want a shortcut for "copy without tracking" on the current tab instead of having to use the context menu. I'm fine with it not being "Ctrl+C," as long as it's reasonably easy to remember, like maybe "Ctrl+Shift+C" or even a sequence of commands (i.e. select address bar, then special copy command).
Likewise, there should be an easy way to open a link without trackers, like "Ctrl+shift+click" or something.
Or at least the option to make it the default. I could see some situations where someone may want to test a link with non-identifying parameters (like identifying the campaign source), and not wanting to have that stripped from the URL by default.
But I get you, from a consumer perspective I'd also want it as my default.
In the meantime, there's ClearURLs or uBlock Origin with filter lists.
Doesnβt it just clean up the link or does Firefox actually know which part of the link to remove?
What do you mean?
How does it know what part of the link is the site tracking?
Looks like it has a list of global and site specific parameters that it is safe to remove.
Generally, most are variables prefixed with
utm_They likely built an index from most of the Analytics services also.
I think it's a combination of things, a basic approach of removing the query string (after the question mark) with exceptions for different sites that might need some of the query string.
Itβs not the default because it can break links sometimes, like links that have authentication details in the parameters.
There's an addon I use for the Android version that does this by default.
It does miss some queryparams though but it dramatically reduces the URL size for the big offending sites.
What is it?
https://addons.mozilla.org/en-US/firefox/addon/clearurls/
But default is putting your cursor in the address bar and hitting ctrl-c. How would Firefox clean it like that?
If it removes the tracking from the link before the page loads, it could work. So it would already be clean when you copy it.
On android anyway, that's an interceptable action, and you can also monitor and alter the clipboard.
So they could either alter what gets copied before its copied, or scan the copied item after it'd copied and alter it.
It doesn't.
If you think about it though, you've already visited that link so why clean it now.
So the person you send it to gets a clean link
Firefox user for many, many, many years. I tried chrome once and was dismayed at how sluggish it was, hogging ram & cpu.
FF just gets better and better with every update. I'm amazed that more people aren't using it.
At my school, firefox on the computers are not updated at all so it's using the very old firefox. Even then, it's not that slow. Now the current update is way more modern but it does have the weird stuff like pocket and very weird advertisements bookmarked on the front page. You'll get a much better experience after you do all the adjustments of removing everything and installing the proper extensions, maybe a little arkenfox too.
That's interesting to hear. How come they aren't updating?
Tbh I don't mind those 'ads' you speak of, not sure if we're talking about the same thing because for me it's mostly articles, often quite interesting stuff that I wouldn't have seen elsewhere. Will have a look into arkenfox now as never heard of that
i had i siminular problem in college, they used a program to "freeze" the wi dlws stage, so it reset the state in every boot, but they didn't updated the pc in years
Here's an amazon link both without and with that feature being used, for comparison. (The tracking one was created in incognito mode, because I don't know what sort of things it might reveal about me otherwise)
https://www.amazon.com/Bentgo%C2%AE-Pop-Bento-Style-Compartments-Sustainable/dp/B0B3CLN8PX/?_encoding=UTF8&pd_rd_w=2B470&content-id=amzn1.sym.87cc8b65-1eb6-4676-be85-d0235c8cc1b4&pf_rd_p=87cc8b65-1eb6-4676-be85-d0235c8cc1b4&pf_rd_r=Z6KPA93RVDCTHA2HFQM7&pd_rd_wg=o2LTo&pd_rd_r=fef55702-5392-47a4-a5d2-8a7951d1229b&ref_=pd_gw_dealz_cm&th=1
https://www.amazon.com/Bentgo%C2%AE-Pop-Bento-Style-Compartments-Sustainable/dp/B0B3CLN8PX/?_encoding=UTF8&ref_=pd_gw_dealz_cm&th=1
What do the parts it left on do? The encoding is innocuous enough but I don't know what it's doing with ref or th. I usually sanitize links myself and I'd have brought that one down to either
https://www.amazon.com/Bentgo%C2%AE-Pop-Bento-Style-Compartments-Sustainable/dp/B0B3CLN8PX
or
https://www.amazon.com/dp/B0B3CLN8PX
, depending on how much I cared at the time. I kind of expected firefox to bring it down to the first version.
Not sure what th is, but ref is the referrer's ID, which gives the referrer a referral / affiliate bonus if you purchase the item using that link. In theory it's not a bad way to support the referrer and it's not linked to you as an individual personally. You can remove it of course if you feel like they don't deserve the money for referring you to a deal. In the end ref or no ref the price of the item remains the same for you.
I think firefox leaves the ref in intentionally.
I opened amazon in incognito then clicked on a random item from their front page, which was advertising their cyber monday deals at the time. In that case would it just be letting amazon know that that's how I ended up on that page, without serving any other real purpose?
That's right!
The "ref" param is clearly a tracking breadcrumb, but not sure what the "th" param is. So this is "better" than nothing, but still has room for improvement. "_encoding" is fine, but UTF-8 should be a default for most users anyways.
Hm, copying the first link "without site tracking" still gives me this:
https://www.amazon.com/Bentgo%C2%AE-Pop-Bento-Style-Compartments-Sustainable/dp/B0B3CLN8PX/?_encoding=UTF8&pd_rd_w=2B470&content-id=amzn1.sym.87cc8b65-1eb6-4676-be85-d0235c8cc1b4&pf_rd_p=87cc8b65-1eb6-4676-be85-d0235c8cc1b4&pf_rd_r=Z6KPA93RVDCTHA2HFQM7&pd_rd_wg=o2LTo&pd_rd_r=fef55702-5392-47a4-a5d2-8a7951d1229b&ref_=pd_gw_dealz_cm&th=1
I get the same when I copy from my comment - I guess it only works reliably from the address bar? Or maybe only if you're on the correct site?
Firefox is getting better every day
Can't wait til the entire extension ecosystem is available on mobile
Does anyone know where the source code for this is?
My c++ is pretty rusty, but I hopped through the changelogs. I think this is the source for it here https://hg.mozilla.org/mozilla-central/file/tip/toolkit/components/antitracking/URLQueryStringStripper.cpp
tbf, out of all the programming languages c++ is the worst in terms of DX and readability. Even worse than java, which I despised so much
I don't know the relevant programming languages so I don't know what to search for, but generally, if you want to find something in the Firefox source code, supposedly https://searchfox.org is a great way to do that.
There's also the ClearURLs add-on.
Or uBlock Origin with filter lists. π
Well yeah but building in privacy-enhancing features like this is a great strategy for FF.
I'm curious whether this sweet feature alone will decrease data greedy websites revenue in $ millions
It won't
Is it available for Firefox android ?
As of this writing, it doesn't look like it.
As @SatyrSack@lemmy.one here mentioned, URLChecker is a good way to manipulate a URL before opening it.
It does look like a really good app and idea, but I'm wondering if it's really necessary on mobile devices. Usually, I don't go around clicking on all kinds of links I shouldn't, so I'm wondering what exact purpose it accomplishes. Genuinely looking for input here.
If anything, URLCheck is even more necessary on mobile devices, particularly iOS where Firefox is just reskinned Safari. On Firefox for Android, you could install the ClearURLs extension, or use uBlock Origin filter lists.
With that said, there are other use cases. For example: Friends or family might share URLs from social media. They often contain unique identifiers that you can strip before clicking the link by using URLCheck.
More on this here: https://a.lemmy.world/lemmy.world/post/8443034
Good points. I was under the impression, though, that the extension doesn't exist for mobile Firefox yet.
It prevents apps from opening links in your browser directly, since they have to go through URLCheck first. Let's say you click a link in your email, and instead it opens a "google.com/url?q=https://amazon.com" or a "safelinks.outlook.com/?url=..." instead of just taking you to Amazon.com. URLCheck will get rid of the unnecessary redirection and allow you to go directly to the site.
Adding onto that, my pet peeve with email links is them showing you a link that says Amazon.com, but then you go to click the link it opens a bunch of email tracking links before finally taking you to Amazon.com. With URLCheck you can actually stop these links from opening, and go to the website directly in the browser yourself.
If you're familiar with that issue that popped up regarding ".zip" domain names, and how they can be engineered to look like an official URL, this is a non issue as you'll get a warning if any link contains malicious unicode characters that could be mistaken for something else
Also, if you have multiple apps that can handle a link (maybe different youtube apps like libretube, newpipe, grayjay), you can pick which one to open after clicking a link. Android does have a stock app picker, but it's very easy to mistakenly set an app as default.
Android apps can also track what apps triggered them to open - URLCheck can mask this, and even set some advanced flags for how the link handler app should be opened.
To be honest after using it for a while, I really wish there was something similar available for desktop
Thanks for the insight!
You can look into URLCheck until it is
https://github.com/TrianguloY/UrlChecker
On Android you can install LinkCleaner as a PWA using a chromium browser, it will show up as an option when sharing a link from Firefox or any other app.
Can someone ELI5 what is the difference with normal link sharing?
Does it change for the end user something or what? I ask because I almost never share stuff from my browsers, but I do from some apps such as social media or Sync for Lemmy/Voyager.
it just removes all the crap at the end of a link
Generally a link tells a browser where to find something on the Web, but you can stuff it with additional information so that when a server receives a request for that something, it will know how the browser got that link.
This feature strip's out that additional information.
Try to copy an Amazon link with and without this option and you'll see
Ok, I'll try.
Try to copy an Amazon link with and without this option and you'll see
Try to copy an Amazon link with and without this option and you'll see
Based Firefox
Is there an about:config setting to make this the default action or are we gonna have to be patient for that?
I looked for it in about:config, but I couldn't narrow it down and see which parameter it was (if it's even in there at all yet).
Also searching for this answer. https://lemmy.world/comment/5626130
Great for desktop/laptop, but I'm waiting for them to release it on mobile as well. At the very least, if they have, Mull hasn't added it yet.
Semi-off-topic, but is there anything like a smarter clipboard on Android that can remove tracking details on paste (would be different from a plain paste)?
URLCheck: https://github.com/TrianguloY/UrlChecker
Not quite the same thing, but if you install LinkCleaner as a PWA using a chromium browser, it will show up as an option when sharing the link. Then you can copy to the clipboard or share it elsewhere.
Why would i ever have a link with tracking?
What do you mean? Tons of links on the web have trackers appended to the URL.
Pretty sure they are asking, "Why would I ever want the tracking copied, why is this relegated to a bespoke option instead of being the default behavior?"
I think it's good to have a normal copy along with this remove tracking one. In case for some reason removing tracking messes something up with the link and makes it not work. It's always nice to have options rather than just doing it automatically.
agree with you about having options, but swap it around. have copy without trackers be "copy link", and then have an option "copy link with trackers"
I disagree. I think the default option should be what users expect, and users expect "copy" to do exactly that: copy without modifying the text.
I think we could have an about:config tweak to make copying links always remove trackers
account activation links often have tracking required for them to work
The fact is that there is no surefire way to get rid only of tracking parameters, because they can mix in with other legit ones that if removed would break the website you're visiting.
Last I heard, Facebook had rolled out some encrypted URL parameters, so the collective mapping efforts to manually identify parameters only used for tracking on each different website could very well be nullified if many implement something evil as that
I noticed this feature in Brave first.
Mentioning Brave is like subscribing to downvotes. π
Indeed, but it's true - Brave did bring this feature long ago. It's a good thing for us, let multiple browsers try to one up each other on privacy focused features.
That's true, this was one thing that was slightly annoying when I made the move from brave to Firefox. But I mean, I wouldn't really characterise this as a reliable security feature. If you don't manually check your URL before hitting return anyway, you're going to be less secure than without the feature
As a Brave user I'm well aware ... of all of the above π