Tracking Links

I'm amused – and slightly sad – that as I began to do my research for this blog post, every result for a search of “tracking links” or “tracking URLs” returned the same thing: web-hosting and analytics companies giving a very benign overview of what they are and then explaining why everyone who owns a website should be using them. I shouldn't be surprised. Like most surveillance technologies, the proliferation of tracking links is aided by two main concepts: the first is that they provide a very useful trade off, and the second is that people don't really understand or consider the danger of the capabilities.

Tracking links or tracking URLs are hyperlinks that not only direct you to a website, but also record information about you when you click on them. These can appear in the form of shortened links, such as the common “bit.ly” service, or it can appear in the full link, usually beginning with a question mark or a slash then followed by a bunch of other information.

Image

This is not to say that every shortened link contains tracking, although it's hard to tell without seeing the full link. Likewise, not every question mark or slash signals the beginning of tracking information. But they are the most common indicators.

What do they do?

Tracking links, as the name suggests, track information when you click on them. As a business owner, I understand the value of certain metrics. It's useful to know if the majority of your website visitors are coming from mobile or desktop so you know how much focus you need to give to making your site responsive. It could even be useful to know if they're specifically coming from Apple or Android devices in case you were developing an app and needed to know which to prioritize. For advertisers, knowing what site your visitors are coming from helps you know where your advertising is most effective.

However, as with most good technologies gone wrong, tracking links get so much more invasive than simple, useful metrics require. It's not uncommon for tracking links to be able to trace unique, personal information like IP address, MAC address, operating system down to which specific version or upgrade has been installed (ex: iOS 13.2). Some of them can even be used to track who sent the link, what time it was opened, other apps that are installed on the device, or websites that have been visited (this, I would imagine, involves the use of cookies stored on your device and therefore this becomes a coordinated effort from the tracking link). This is significantly more information than any website would need to know for metrics' sake, and it runs the high risk of identifying you personally in what's supposed to be anonymous data designed to help improve the site or service. Why does a recipe website need to know what other websites you've visited? What use does a clickbait article site have knowing the apps on the phone of the friend you shared the article with? It's a massive invasion of privacy.

Image Facebook's obnoxiously long tracking links

Thankfully, the easiest way to avoid tracking links on a desktop/laptop environment is to install uBlock Origin. The developer recently added a powerful tracking-link remover to the menus, which I explain how to enable here. However one should never rely solely on technology and should always know how to take matters into their own hands if necessary. (Also this solution isn't available for most mobile users.) The key giveaway is to look for the aforementioned questions marks and gibberish. A link that goes “https://www.website.com/article-title/gfm-feed-12456" probably doesn't need that last bit (“gfm-feed-12456”). I've found the most effective solution is to erase it and see if the link still works. If it does, congratulations! You've erased the tracking link and helped protect the privacy of both yourself and your friends! Same thing applies with question marks. “https://www.website.com/article-title.html?=feed-123456." Delete everything from the question mark on, and check the link. This does require you to learn how to read a link, but honestly it's not that hard. Usually key words from the title will appear in the link, and it's a safe bet that anything you don't recognize beyond “.html” is probably not required. It's also a good idea to check the link before sharing it. I've found as I post news links to The New Oil's Mastodon account that some websites have gibberish-looking parts of their URL that are actually necessary (Forbes comes to mind, their links tend to look something like “forbes.com/article-title/12356” but deleting the gibberish actually brings up a 404 error page).

Stripping tracking links will not negatively impact the necessary metrics of a website, and frankly it won't stop invasive data collection. Any owner interested in the analytics will still be able to tell who visits their site, what device, how long they stay, and a ton of other invasive information that quite frankly they don't need. But it will help to protect both your privacy and the privacy of those around you by removing small parts of the puzzle – the fact that you sent your friend to that site, for example, or other invasive information that helps corporations and governments create a more complete but unnecessary picture of you that can and usually does get abused. And the more we take conscious stands against this kind of stuff and show that we as consumers will no longer tolerate it, the less common it will become (hopefully).

You can find more recommended services and programs at TheNewOil.org. You can also get daily privacy news updates at @thenewoil@freeradical.zone or support my work in a variety of ways here.