Hmm, I agree with you 100%, but power of defaults is how big companies get average consumers. Maybe Firefox should make it default with a setting to turn it on?
A setting titled "allow copying of tracking data", a lot of people won't allow.
Links support parameters for a reason, and I promise you that the main reason isn't tracking. They can convey important info like the language, search parameters, a specific comment, etc.
Removing them willy-nilly by default is going to cause issue sooner or later, and then people are going to blame Firefox for "not working" and are just gonna switch to Chrome because "it just works".
If you wanted to do this and make it default, I believe you should be able to do so using userChrome.css. You won't be able to change the text, but you can remove the old menu item.
I just want a shortcut for "copy without tracking" on the current tab instead of having to use the context menu. I'm fine with it not being "Ctrl+C," as long as it's reasonably easy to remember, like maybe "Ctrl+Shift+C" or even a sequence of commands (i.e. select address bar, then special copy command).
Likewise, there should be an easy way to open a link without trackers, like "Ctrl+shift+click" or something.
Or at least the option to make it the default. I could see some situations where someone may want to test a link with non-identifying parameters (like identifying the campaign source), and not wanting to have that stripped from the URL by default.
But I get you, from a consumer perspective I'd also want it as my default.
In the meantime, there's ClearURLs or uBlock Origin with filter lists.
I think it's a combination of things, a basic approach of removing the query string (after the question mark) with exceptions for different sites that might need some of the query string.
At my school, firefox on the computers are not updated at all so it's using the very old firefox. Even then, it's not that slow. Now the current update is way more modern but it does have the weird stuff like pocket and very weird advertisements bookmarked on the front page. You'll get a much better experience after you do all the adjustments of removing everything and installing the proper extensions, maybe a little arkenfox too.
That's interesting to hear. How come they aren't updating?
Tbh I don't mind those 'ads' you speak of, not sure if we're talking about the same thing because for me it's mostly articles, often quite interesting stuff that I wouldn't have seen elsewhere. Will have a look into arkenfox now as never heard of that
i had i siminular problem in college, they used a program to "freeze" the wi dlws stage, so it reset the state in every boot, but they didn't updated the pc in years
Here's an amazon link both without and with that feature being used, for comparison. (The tracking one was created in incognito mode, because I don't know what sort of things it might reveal about me otherwise)
What do the parts it left on do? The encoding is innocuous enough but I don't know what it's doing with ref or th. I usually sanitize links myself and I'd have brought that one down to either
Not sure what th is, but ref is the referrer's ID, which gives the referrer a referral / affiliate bonus if you purchase the item using that link. In theory it's not a bad way to support the referrer and it's not linked to you as an individual personally. You can remove it of course if you feel like they don't deserve the money for referring you to a deal. In the end ref or no ref the price of the item remains the same for you.
I opened amazon in incognito then clicked on a random item from their front page, which was advertising their cyber monday deals at the time. In that case would it just be letting amazon know that that's how I ended up on that page, without serving any other real purpose?
The "ref" param is clearly a tracking breadcrumb, but not sure what the "th" param is. So this is "better" than nothing, but still has room for improvement. "_encoding" is fine, but UTF-8 should be a default for most users anyways.
I don't know the relevant programming languages so I don't know what to search for, but generally, if you want to find something in the Firefox source code, supposedly https://searchfox.org is a great way to do that.
There's various well-known tracking parameters that can be stripped, like UTM parameters. Stripping all query parameters would break a lot of sites, like anything in the vein of http://example.com/site.php?id=123
I don't see why they should send the URL somewhere. For Googley reasons, most tracking parameters start with "utm_". You can remove those pretty naïvely, generally without links breaking.
Try switching the default before removing the others. If the others get added back, the default should start the same. If you just remove them, it might not update the default. (Because then it's just showing you whatever is left over when it can't find the default.)
Can someone ELI5 what is the difference with normal link sharing?
Does it change for the end user something or what? I ask because I almost never share stuff from my browsers, but I do from some apps such as social media or Sync for Lemmy/Voyager.
Generally a link tells a browser where to find something on the Web, but you can stuff it with additional information so that when a server receives a request for that something, it will know how the browser got that link.
This feature strip's out that additional information.
It does look like a really good app and idea, but I'm wondering if it's really necessary on mobile devices. Usually, I don't go around clicking on all kinds of links I shouldn't, so I'm wondering what exact purpose it accomplishes. Genuinely looking for input here.
If anything, URLCheck is even more necessary on mobile devices, particularly iOS where Firefox is just reskinned Safari. On Firefox for Android, you could install the ClearURLs extension, or use uBlock Origin filter lists.
With that said, there are other use cases. For example: Friends or family might share URLs from social media. They often contain unique identifiers that you can strip before clicking the link by using URLCheck.
It prevents apps from opening links in your browser directly, since they have to go through URLCheck first. Let's say you click a link in your email, and instead it opens a "google.com/url?q=https://amazon.com" or a "safelinks.outlook.com/?url=..." instead of just taking you to Amazon.com. URLCheck will get rid of the unnecessary redirection and allow you to go directly to the site.
Adding onto that, my pet peeve with email links is them showing you a link that says Amazon.com, but then you go to click the link it opens a bunch of email tracking links before finally taking you to Amazon.com. With URLCheck you can actually stop these links from opening, and go to the website directly in the browser yourself.
If you're familiar with that issue that popped up regarding ".zip" domain names, and how they can be engineered to look like an official URL, this is a non issue as you'll get a warning if any link contains malicious unicode characters that could be mistaken for something else
Also, if you have multiple apps that can handle a link (maybe different youtube apps like libretube, newpipe, grayjay), you can pick which one to open after clicking a link. Android does have a stock app picker, but it's very easy to mistakenly set an app as default.
Android apps can also track what apps triggered them to open - URLCheck can mask this, and even set some advanced flags for how the link handler app should be opened.
To be honest after using it for a while, I really wish there was something similar available for desktop
On Android you can install LinkCleaner as a PWA using a chromium browser, it will show up as an option when sharing a link from Firefox or any other app.
Semi-off-topic, but is there anything like a smarter clipboard on Android that can remove tracking details on paste (would be different from a plain paste)?
Not quite the same thing, but if you install LinkCleaner as a PWA using a chromium browser, it will show up as an option when sharing the link. Then you can copy to the clipboard or share it elsewhere.
Pretty sure they are asking, "Why would I ever want the tracking copied, why is this relegated to a bespoke option instead of being the default behavior?"
I think it's good to have a normal copy along with this remove tracking one. In case for some reason removing tracking messes something up with the link and makes it not work. It's always nice to have options rather than just doing it automatically.
The fact is that there is no surefire way to get rid only of tracking parameters, because they can mix in with other legit ones that if removed would break the website you're visiting.
Last I heard, Facebook had rolled out some encrypted URL parameters, so the collective mapping efforts to manually identify parameters only used for tracking on each different website could very well be nullified if many implement something evil as that
Indeed, but it's true - Brave did bring this feature long ago. It's a good thing for us, let multiple browsers try to one up each other on privacy focused features.
That's true, this was one thing that was slightly annoying when I made the move from brave to Firefox. But I mean, I wouldn't really characterise this as a reliable security feature. If you don't manually check your URL before hitting return anyway, you're going to be less secure than without the feature
They should make this the default.
Or a setting that makes it the default.
I don't like any software I use to destroy data (even tracking data) without my say so.
Hmm, I agree with you 100%, but power of defaults is how big companies get average consumers. Maybe Firefox should make it default with a setting to turn it on?
A setting titled "allow copying of tracking data", a lot of people won't allow.
Fight fire with fire.
This just:
Encourages companies to try to work around it
More importantly, possibly breaks important functionality
It's like saying GDPR encourages companies to try work around data protection, so it should not be implemented.
It's not like that at all.
Links support parameters for a reason, and I promise you that the main reason isn't tracking. They can convey important info like the language, search parameters, a specific comment, etc.
Removing them willy-nilly by default is going to cause issue sooner or later, and then people are going to blame Firefox for "not working" and are just gonna switch to Chrome because "it just works".
That's not what we want is it?
As I understand now it removes only limited set of query strings
Yeah but the list is hardcoded. Collisions can happen.
Also, since it's hardcoded, it's easily gameable, and it will be gamed if too many people start filtering them out.
It's a good start but a bad solution overall
Opt-out then, the majority won't care
If you wanted to do this and make it default, I believe you should be able to do so using userChrome.css. You won't be able to change the text, but you can remove the old menu item.
I'm unlikely to use the menu button, I generally use Ctrl+C/Cmd+C. I'll have to poke around and see if there's an option to set that shortcut.
Correct me if I am wrong, but I don't think you would be able to do this as ctrl+c copies what is highlighted rather than the actual link.
I just want a shortcut for "copy without tracking" on the current tab instead of having to use the context menu. I'm fine with it not being "Ctrl+C," as long as it's reasonably easy to remember, like maybe "Ctrl+Shift+C" or even a sequence of commands (i.e. select address bar, then special copy command).
Likewise, there should be an easy way to open a link without trackers, like "Ctrl+shift+click" or something.
Or at least the option to make it the default. I could see some situations where someone may want to test a link with non-identifying parameters (like identifying the campaign source), and not wanting to have that stripped from the URL by default.
But I get you, from a consumer perspective I'd also want it as my default.
In the meantime, there's ClearURLs or uBlock Origin with filter lists.
Doesn’t it just clean up the link or does Firefox actually know which part of the link to remove?
What do you mean?
How does it know what part of the link is the site tracking?
Looks like it has a list of global and site specific parameters that it is safe to remove.
Generally, most are variables prefixed with
utm_They likely built an index from most of the Analytics services also.
I think it's a combination of things, a basic approach of removing the query string (after the question mark) with exceptions for different sites that might need some of the query string.
It’s not the default because it can break links sometimes, like links that have authentication details in the parameters.
There's an addon I use for the Android version that does this by default.
It does miss some queryparams though but it dramatically reduces the URL size for the big offending sites.
What is it?
https://addons.mozilla.org/en-US/firefox/addon/clearurls/
But default is putting your cursor in the address bar and hitting ctrl-c. How would Firefox clean it like that?
If it removes the tracking from the link before the page loads, it could work. So it would already be clean when you copy it.
On android anyway, that's an interceptable action, and you can also monitor and alter the clipboard.
So they could either alter what gets copied before its copied, or scan the copied item after it'd copied and alter it.
It doesn't.
If you think about it though, you've already visited that link so why clean it now.
So the person you send it to gets a clean link
Firefox user for many, many, many years. I tried chrome once and was dismayed at how sluggish it was, hogging ram & cpu.
FF just gets better and better with every update. I'm amazed that more people aren't using it.
At my school, firefox on the computers are not updated at all so it's using the very old firefox. Even then, it's not that slow. Now the current update is way more modern but it does have the weird stuff like pocket and very weird advertisements bookmarked on the front page. You'll get a much better experience after you do all the adjustments of removing everything and installing the proper extensions, maybe a little arkenfox too.
That's interesting to hear. How come they aren't updating?
Tbh I don't mind those 'ads' you speak of, not sure if we're talking about the same thing because for me it's mostly articles, often quite interesting stuff that I wouldn't have seen elsewhere. Will have a look into arkenfox now as never heard of that
i had i siminular problem in college, they used a program to "freeze" the wi dlws stage, so it reset the state in every boot, but they didn't updated the pc in years
Here's an amazon link both without and with that feature being used, for comparison. (The tracking one was created in incognito mode, because I don't know what sort of things it might reveal about me otherwise)
https://www.amazon.com/Bentgo%C2%AE-Pop-Bento-Style-Compartments-Sustainable/dp/B0B3CLN8PX/?_encoding=UTF8&pd_rd_w=2B470&content-id=amzn1.sym.87cc8b65-1eb6-4676-be85-d0235c8cc1b4&pf_rd_p=87cc8b65-1eb6-4676-be85-d0235c8cc1b4&pf_rd_r=Z6KPA93RVDCTHA2HFQM7&pd_rd_wg=o2LTo&pd_rd_r=fef55702-5392-47a4-a5d2-8a7951d1229b&ref_=pd_gw_dealz_cm&th=1
https://www.amazon.com/Bentgo%C2%AE-Pop-Bento-Style-Compartments-Sustainable/dp/B0B3CLN8PX/?_encoding=UTF8&ref_=pd_gw_dealz_cm&th=1
What do the parts it left on do? The encoding is innocuous enough but I don't know what it's doing with ref or th. I usually sanitize links myself and I'd have brought that one down to either
https://www.amazon.com/Bentgo%C2%AE-Pop-Bento-Style-Compartments-Sustainable/dp/B0B3CLN8PX
or
https://www.amazon.com/dp/B0B3CLN8PX
, depending on how much I cared at the time. I kind of expected firefox to bring it down to the first version.
Not sure what th is, but ref is the referrer's ID, which gives the referrer a referral / affiliate bonus if you purchase the item using that link. In theory it's not a bad way to support the referrer and it's not linked to you as an individual personally. You can remove it of course if you feel like they don't deserve the money for referring you to a deal. In the end ref or no ref the price of the item remains the same for you.
I think firefox leaves the ref in intentionally.
I opened amazon in incognito then clicked on a random item from their front page, which was advertising their cyber monday deals at the time. In that case would it just be letting amazon know that that's how I ended up on that page, without serving any other real purpose?
That's right!
The "ref" param is clearly a tracking breadcrumb, but not sure what the "th" param is. So this is "better" than nothing, but still has room for improvement. "_encoding" is fine, but UTF-8 should be a default for most users anyways.
Hm, copying the first link "without site tracking" still gives me this:
https://www.amazon.com/Bentgo%C2%AE-Pop-Bento-Style-Compartments-Sustainable/dp/B0B3CLN8PX/?_encoding=UTF8&pd_rd_w=2B470&content-id=amzn1.sym.87cc8b65-1eb6-4676-be85-d0235c8cc1b4&pf_rd_p=87cc8b65-1eb6-4676-be85-d0235c8cc1b4&pf_rd_r=Z6KPA93RVDCTHA2HFQM7&pd_rd_wg=o2LTo&pd_rd_r=fef55702-5392-47a4-a5d2-8a7951d1229b&ref_=pd_gw_dealz_cm&th=1
I get the same when I copy from my comment - I guess it only works reliably from the address bar? Or maybe only if you're on the correct site?
Firefox is getting better every day
Can't wait til the entire extension ecosystem is available on mobile
Does anyone know where the source code for this is?
My c++ is pretty rusty, but I hopped through the changelogs. I think this is the source for it here https://hg.mozilla.org/mozilla-central/file/tip/toolkit/components/antitracking/URLQueryStringStripper.cpp
tbf, out of all the programming languages c++ is the worst in terms of DX and readability. Even worse than java, which I despised so much
I don't know the relevant programming languages so I don't know what to search for, but generally, if you want to find something in the Firefox source code, supposedly https://searchfox.org is a great way to do that.
There's various well-known tracking parameters that can be stripped, like UTM parameters. Stripping all query parameters would break a lot of sites, like anything in the vein of http://example.com/site.php?id=123
Blanket-removing the query string would break many real links, so I'd imagine it's more nuanced than that.
I really hope they're not sending the URL anywhere..
I don't see why they should send the URL somewhere. For Googley reasons, most tracking parameters start with "utm_". You can remove those pretty naïvely, generally without links breaking.
There's also the ClearURLs add-on.
Or uBlock Origin with filter lists. 👍
Well yeah but building in privacy-enhancing features like this is a great strategy for FF.
I'm curious whether this sweet feature alone will decrease data greedy websites revenue in $ millions
It won't
Did you remove it or just switched the default to a different one?
I think it getting added again might happen in updates, if they change defaults that's a whole other beast
Switching is enough for me and i didn't had any weird behavior since years, beside the fullscreen VPN ad they did once
Try switching the default before removing the others. If the others get added back, the default should start the same. If you just remove them, it might not update the default. (Because then it's just showing you whatever is left over when it can't find the default.)
Sucks, but they do this periodically yes. Google affiliation is a good revenue stream for them.
Can someone ELI5 what is the difference with normal link sharing?
Does it change for the end user something or what? I ask because I almost never share stuff from my browsers, but I do from some apps such as social media or Sync for Lemmy/Voyager.
it just removes all the crap at the end of a link
Generally a link tells a browser where to find something on the Web, but you can stuff it with additional information so that when a server receives a request for that something, it will know how the browser got that link.
This feature strip's out that additional information.
Try to copy an Amazon link with and without this option and you'll see
Ok, I'll try.
Try to copy an Amazon link with and without this option and you'll see
Try to copy an Amazon link with and without this option and you'll see
As of this writing, it doesn't look like it.
As @[email protected] here mentioned, URLChecker is a good way to manipulate a URL before opening it.
It does look like a really good app and idea, but I'm wondering if it's really necessary on mobile devices. Usually, I don't go around clicking on all kinds of links I shouldn't, so I'm wondering what exact purpose it accomplishes. Genuinely looking for input here.
If anything, URLCheck is even more necessary on mobile devices, particularly iOS where Firefox is just reskinned Safari. On Firefox for Android, you could install the ClearURLs extension, or use uBlock Origin filter lists.
With that said, there are other use cases. For example: Friends or family might share URLs from social media. They often contain unique identifiers that you can strip before clicking the link by using URLCheck.
More on this here: https://a.lemmy.world/lemmy.world/post/8443034
Good points. I was under the impression, though, that the extension doesn't exist for mobile Firefox yet.
It prevents apps from opening links in your browser directly, since they have to go through URLCheck first. Let's say you click a link in your email, and instead it opens a "google.com/url?q=https://amazon.com" or a "safelinks.outlook.com/?url=..." instead of just taking you to Amazon.com. URLCheck will get rid of the unnecessary redirection and allow you to go directly to the site.
Adding onto that, my pet peeve with email links is them showing you a link that says Amazon.com, but then you go to click the link it opens a bunch of email tracking links before finally taking you to Amazon.com. With URLCheck you can actually stop these links from opening, and go to the website directly in the browser yourself.
If you're familiar with that issue that popped up regarding ".zip" domain names, and how they can be engineered to look like an official URL, this is a non issue as you'll get a warning if any link contains malicious unicode characters that could be mistaken for something else
Also, if you have multiple apps that can handle a link (maybe different youtube apps like libretube, newpipe, grayjay), you can pick which one to open after clicking a link. Android does have a stock app picker, but it's very easy to mistakenly set an app as default.
Android apps can also track what apps triggered them to open - URLCheck can mask this, and even set some advanced flags for how the link handler app should be opened.
To be honest after using it for a while, I really wish there was something similar available for desktop
Thanks for the insight!
You can look into URLCheck until it is
https://github.com/TrianguloY/UrlChecker
On Android you can install LinkCleaner as a PWA using a chromium browser, it will show up as an option when sharing a link from Firefox or any other app.
Based Firefox
Is there an about:config setting to make this the default action or are we gonna have to be patient for that?
I looked for it in about:config, but I couldn't narrow it down and see which parameter it was (if it's even in there at all yet).
Also searching for this answer. https://lemmy.world/comment/5626130
Semi-off-topic, but is there anything like a smarter clipboard on Android that can remove tracking details on paste (would be different from a plain paste)?
URLCheck: https://github.com/TrianguloY/UrlChecker
Not quite the same thing, but if you install LinkCleaner as a PWA using a chromium browser, it will show up as an option when sharing the link. Then you can copy to the clipboard or share it elsewhere.
Great for desktop/laptop, but I'm waiting for them to release it on mobile as well. At the very least, if they have, Mull hasn't added it yet.
Why would i ever have a link with tracking?
What do you mean? Tons of links on the web have trackers appended to the URL.
Pretty sure they are asking, "Why would I ever want the tracking copied, why is this relegated to a bespoke option instead of being the default behavior?"
I think it's good to have a normal copy along with this remove tracking one. In case for some reason removing tracking messes something up with the link and makes it not work. It's always nice to have options rather than just doing it automatically.
agree with you about having options, but swap it around. have copy without trackers be "copy link", and then have an option "copy link with trackers"
I disagree. I think the default option should be what users expect, and users expect "copy" to do exactly that: copy without modifying the text.
I think we could have an about:config tweak to make copying links always remove trackers
account activation links often have tracking required for them to work
The fact is that there is no surefire way to get rid only of tracking parameters, because they can mix in with other legit ones that if removed would break the website you're visiting.
Last I heard, Facebook had rolled out some encrypted URL parameters, so the collective mapping efforts to manually identify parameters only used for tracking on each different website could very well be nullified if many implement something evil as that
I noticed this feature in Brave first.
Mentioning Brave is like subscribing to downvotes. 😅
Indeed, but it's true - Brave did bring this feature long ago. It's a good thing for us, let multiple browsers try to one up each other on privacy focused features.
That's true, this was one thing that was slightly annoying when I made the move from brave to Firefox. But I mean, I wouldn't really characterise this as a reliable security feature. If you don't manually check your URL before hitting return anyway, you're going to be less secure than without the feature
As a Brave user I'm well aware ... of all of the above 😅