this post was submitted on 13 Dec 2024
690 points (96.9% liked)

Technology

60052 readers
2821 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 4 points 1 week ago* (last edited 1 week ago) (2 children)

There are in fact many extensions designed to suppress or rewrite headers, most notably cookies, but also proxy headers and other things like that. Stripping out privacy invading (or in this case revenue redirecting) query parameters is another thing that extensions can do, and there are various extensions for that too, including apparently ublock origin (UBO).

UBO is not able to rewrite urls completely (a deliberate decision to protect users from accidental or intentional security breaking rules appearing in rule lists) but there are other extensions that do that too, like changing www.reddit.com to old.reddit.com, or bypassing google redirects and link shorteners that snoop on user activity. The web is a predator-prey ecosystem (users are mostly prey) and it is necessary to respond to new hazards as they appear.

[–] [email protected] 1 points 1 week ago* (last edited 1 week ago)

I use this filter in ublock to remove them: https://raw.githubusercontent.com/DandelionSprout/adfilt/master/LegitimateURLShortener.txt.

These things are very privacy invading, many of them have information that can identify the users. I don't think douglasg14b knows what he is talking about. Yes they are query parameters, but they are used for many things such as advertisment for example or referrals, I think it is fine to remove query parameters that are not necessary.

https://www.ieee-security.org/TC/W2SP/2014/papers/privacy_query_strings.pdf

Sometimes the website sends sensitive data through query strings which is a common security issue.

https://owasp.org/www-community/vulnerabilities/Information_exposure_through_query_strings_in_url

[–] [email protected] 1 points 1 week ago

You were so, so much more polite than I would have been