Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Firefox Mozilla

Firefox Can Now Automatically Remove Tracking From URLs (engadget.com) 49

Mozilla's latest Firefox browser release has a new feature that prevents sites like Facebook from tracking you across websites. Called Query Parameter Stripping, it automatically removes strings of characters added to the end of an URL.
This discussion has been archived. No new comments can be posted.

Firefox Can Now Automatically Remove Tracking From URLs

Comments Filter:
  • by WankerWeasel ( 875277 ) on Wednesday June 29, 2022 @02:46PM (#62660414)
    Facebook and others won't be prevented from tracking you with this. For instance, Facebook has moved to their Conversions API, which operates on the website server-side and doesn't rely on passing URL parameters.
    • Comment removed (Score:5, Interesting)

      by account_deleted ( 4530225 ) on Wednesday June 29, 2022 @02:54PM (#62660434)
      Comment removed based on user account deletion
      • It also hurts sites like Slashdot. Or those that are able to exist on affiliate sales. You'll certainly see some sites you enjoy shutting down in the coming years due to inability to make money for what they do.
        • Comment removed based on user account deletion
        • If you RTFA it is just some ?xyz= type of queries, and they are very specific ones, You will simply see them all renamed in the coming days or week to ?axyzaa= or some such. Now if they stripped all the query syntax from cross site links we might have something.

          Nah then it will just become embedded in the path link like abc.cam/dudemylinks/xyz/frostypudding.html
        • by Improv ( 2467 )

          We don't need to approve of every possible way companies can make money. Many will adapt.

        • You'll certainly see some sites you enjoy shutting down in the coming years due to inability to make money for what they do.

          It won't affect sites like Slashdot, because Slashdot doesn't do this particular thing. It does try to cram a metric fuckton of trackers right up your ass if you don't noscript it and use classic, though. (If you do, it will function properly with scripts enabled only for Slashdot and FSDN.) I don't click on banners, and almost nobody is stupid enough to pay for views on banners any more, so blocking those is doing everyone a favor by not bothering to download them — and actually reducing costs. Slash

      • by AmiMoJo ( 196126 )

        This isn't just about tracking you. When you share a Facebook link the URL has tracking data that lets then see who you shared it with, and how far your influence spreads, and who is associated with you even tangentially. Every time someone else follows that link, they know you originally shared it.

        Add ons have been available for this for a while, but they all suck because they strip the tracking when you follow the link. What you need us what Firefox does, strip it when you copy the link to the clipboard.

        • Then the proper way to deal with this as a plugin is to rewrite the tracker data with other tracker data.

          Data collectors can deal with you not giving them data. They will still get data from others. What's way, way worse is poisoned data. Data that has been tampered with that invalidates also the "good" data they get.

          This is what we have to aim for. Poison their data well.

          • by AmiMoJo ( 196126 )

            It's a nice idea but I have a feeling it wouldn't be hard to filter. The tracker ID must be entered into a database somewhere when it is generated, so if you use a random one it simply won't have a matching database entry and will be discarded.

            To be effective it would need to swap IDs with other users.

            • Doesn't have to be random. Could even be monetized. "Want Social Media platforms to think you're an influenza? Pay us, and everyone going there will look like you sent them!"

              They get their "followers", you get sent by someone else every time and nobody knows whose links you really follow, everyone's happy.

  • by Sloppy ( 14984 ) on Wednesday June 29, 2022 @02:48PM (#62660420) Homepage Journal

    Nobody would think of this feature unless they were thinking as a user. I might not appreciate everything they do to their browser (e.g. wtf is with pocket?), but this strongly hints that they have the right attitude and are attempting to maximize the right values. Thanks, Firefox team!

    • Unfortunately it doesn't sanitize Google search results, so I still need clearurls [clearurls.xyz], and therefore this feature is broadly worthless to me — I already have this functionality in an add-on, which I still need.

      I suppose I could use a user script to clean the google URLs, but that's just a browser-agnostic add-on.

      The feature explicitly only strips the following:

      Olytics: oly_enc_id=, oly_anon_id=
              Drip: __s=
              Vero: vero_id=
              HubSpot: _hsenc=
              Marketo: mkt_tok=
              Facebook: fbclid=, mc_eid=

      But not anything from Mozilla's sugar daddy, Google.

      • So everything this new feature will accomplish is that from now on advertisers will randomize the names of the URL parameters they use for tracking?
        • So everything this new feature will accomplish is that from now on advertisers will randomize the names of the URL parameters they use for tracking?

          That is not actually practical. If they do that then they will break other people's sites. It also makes more work for them.

          • by AmiMoJo ( 196126 )

            AdGuard offers URL tracker removal via a uBlock Origin list. It has more stuff on it than Mozilla's list, and is regularly updated. If you use uBlock anyway you might as well add it.

            • I am using ClearURLs because it both strips tracking variables and rewrites google search results so that you can copy and paste the URLs without visiting them. The latter is critical functionality for Slashdot, where there are many stupid questions which can be answered and statements which can be rebutted with the top google search result's excerpt.

        • by narcc ( 412956 )

          So you're saying that it's better to just throw up our hands, resign ourselves to fate, and do nothing?

          I remember having a similar discussion sometime around 2000-2001 with a cynical kid about the recent addition of a hardware firewall to our network. His reasoning, if you can call it that, was that it was little more than a pointless inconvenience because it won't stop every possible attack.

          I see this same kind of argument pop up every time someone mentions a harm reduction strategy. I have to wonder if

      • by tlhIngan ( 30335 )

        Is there a general extension that does it?

        Might be useful to eliminate those hidden Amazon referrerals that lots of places sneak in - you paste an Amazon link, and it gets rewritten with the site's referral code instead.

        Or for those sneaky people who just casually dump amazon links around with their code on it on places like discord and such.

        • Besides ClearURLs [mozilla.org], which I've been using for a long while now, it's pretty easy to do this stuff with a user script. You can trigger them at different times. I wrote [greasyfork.org] a couple of stupid-simple scripts to rewrite Slashdot URLs, which will give examples of how to do that. (I was rewriting the section hostnames out of the URLs, which I originally did one day when *.slashdot.org was giving errors but slashdot.org was working fine — and the site only uses those hostnames for theming anyway.) One of them rewrites slashdot links on other sites, and the other one rewrites just the ones on this site... I was able to whip them up in a few minutes by googling with relatively little error in my trials.

      • by techno-vampire ( 666512 ) on Wednesday June 29, 2022 @05:58PM (#62660846) Homepage
        There's a much easier way to get ride of those nasty trackers. Instead of using Google directly, use Startpage.com [wikipedia.org], and get all the Google results with the trackers removed. HTH, HAND.
        • Here's the reason why it doesn't help me: I want personalized search results. If you haven't noticed, everyone gets slightly different results, and I've been logging into Google since that's been a thing. I block Google's assorted trackers around the web through a variety of means, but when I'm using Google, I actually want to use Google. Google attempts to do this even if you don't log in, but if you want personalized results then you should. For example, it's not an accident that when I do Google searches

  • Comment removed (Score:5, Informative)

    by account_deleted ( 4530225 ) on Wednesday June 29, 2022 @02:50PM (#62660424)
    Comment removed based on user account deletion
  • Not enough (Score:5, Interesting)

    by devslash0 ( 4203435 ) on Wednesday June 29, 2022 @03:00PM (#62660448)

    First and foremost, we need it to strip Google Analytics params (starting with utm_). Secondly, we need a customisable list so that we can add our own.

    I actually wrote a browser extension for myself to do this. The extension which is now being threatened by the deployment of the manifest v3...

  • by Some Guy ( 21271 ) on Wednesday June 29, 2022 @03:08PM (#62660468)

    I've been using Tracking Token Stripper for both Brave & Firefox which seems to do this and more.

    https://github.com/jparise/chr... [github.com]

  • Really, Firefox just removes some query parameters that are used for tracking. This is whack-a-mole because marketers will just change the name of their tracking parameters, or even just generate a random name each time and have the value be recognizable in some way (because it's signed or has a specific preamble or something.)

    • Re:Misleading (Score:4, Interesting)

      by drinkypoo ( 153816 ) <drink@hyperlogos.org> on Wednesday June 29, 2022 @04:27PM (#62660648) Homepage Journal

      Yes, but there's the thing about that. This works specifically because these tracking variables are being used uniquely, and conversely, unique tracking variables are being used specifically because they work. If you start tacking too much weird shit onto URLs, eventually you'll include something that breaks other people's sites. It will be like domain name starvation, where companies now have to have stupid random-scrabble-tile names because all the good names are taken. Except this would be much, much worse, because it will break legacy web sites and applications.

      Frankly, I don't think this is going to make much of a dent in anything because Firefox has such a minuscule market share. They will barely even notice. And the people who choose to use firefox are probably in general less worth tracking than other people, because they're not leaking as much data — because they're likely using multiple means of reducing it. You have to go to actual effort to track this tiny segment of the userbase? Meh.

      • by dskoll ( 99328 )

        I don't think adding IUn6UdCXB1zo=whatever is likely to break anything. The odds of breaking sites by using parameter names like f8cVZwOcTVRA, UyeM84BO67qK or oyh992bvl4pM are pretty damn low.

  • by Anonymous Coward
    Turning it on in the Settings GUI only works for normal browsing. If you're a Privacy mode user then you'll have to go hunting through about:config to change a *different* setting that's not affected by the Settings GUI.
  • It's long overdue and as others have pointed out it's not 100% but tracking URLs and tracking Cookies need to go, period.

  • Forgive my ignorance, but isn't the Blue "f" that often appears on pages next to other logos like the tweety bird also a main tracker? There's a 40+ char alphameric code which might identify the page yet always returns the same Blue "f" image. Do FB cookies get returned for image requests? If so, then FB knows the userid that opened the page if you leave UID cookies available. I don't.

    • by Anonymous Coward

      If you use certain ad blocking filters or other various privacy tools those types of things aren't loaded in the first place.

      This is about filtering URLs used for sharing and hyperlinking.

  • First, I love Firefox. It has been the only browser I use since it was introduced. But these incremental privacy updates are nothing but attention seeking. By using addons such as ClearURLs, uBlock Origin, Ghostery, and Google Analytics Opt-out Addon, you get MUCH better privacy protection. If Mozilla were serious the blocking these addons perform would be fully incorporated. It all boils down to a corrupt advertising industry. We need to remove the means for these companies, and privacy raping ass-hats lik
  • Yep. Broken. Extension sorcery has gone up in a cloud of magic smoke...

  • Just putting that out there... all the new PCs and users should get this by default.

A morsel of genuine history is a thing so rare as to be always valuable. -- Thomas Jefferson

Working...