Skip to main content
This was predictable. Facebook/Meta is now encrypting the QP data so that Firefox and other privacy conscious browsers that strip the tracking data can't. Only way to avoid it is to not use Facebook at all. # # https://www.ghacks.net/2022/07/17/facebook-has-started-to-encrypt-links-to-counter-privacy-improving-url-stripping/

Facebook has started to encrypt links to counter privacy-improving URL Stripping

Facebook has started to use a different URL scheme for site links to combat URL stripping technologies that browsers use to improve privacy and prevent user tracking.
Martin Brinkmann (gHacks Technology News)
#SurveillanceCapitalism
ilyess
Typical cat-and-mouse game. I predict this will go even further: we’ll see libraries for major web servers pop up that would handle query param encryption/decryption on the fly which will make this practice ubiquitous, rendering any existing URL-based tracking prevention irrelevant.
Hank G ☑️
Yeah not sure where the war will go. I'll just avoid Facebook as much as I can, continue using the Facebook Container plugins in Firefox, etc.
Tagomago
No mice, cat dies.
Gigantos
As I understood it the blob is encrypted by the server. If done properly there is nothing the client can do. It would be like decrypting a pgp encrypted document.

However, it is plausible for a script to get the URL from the link text (if they display that), but unfortunately you likely won't see the entire url that way unless it is short.
ilyess
Yes, it’s done server-side. The library would handle the encryption/decryption so that the web server can continue accessing the query params as if they were in plain text. If done well, it could be a plug-and-play middleware type of deal.
Paper Tape
would this then become a # issue and # / # could sue?
#facebook #meta #dcma
Phel
And those JS libraries will be blocked in the next step of the cat-and-mouse game!
ilyess
Those libraries are most likely going to be on the server side so this might be the last round of the game, sadly.
Abid Nevesinjac
On fediverse we are not hurt whatever they do...
Chris [list of seasonal emoji]
At least they're not being subtle about it.
Hank G ☑️
Yeah to end users it looks no different than the other jumble of characters at the end of links. I can't even manually clean up Facebook links. Craziness.
Chris [list of seasonal emoji]
What I meant was that before this, they could have spun this as "sure, we track you, but we let you opt out by (among other things) making it possible for your client to strip the fluff off of the URL." You know, the whole "technically, you consented" you get from all kinds of adware.

But now, they're completely clear in their intent.
Hans van Zijst
Only way to avoid it is to not use Facebook at all.

I'll continue that habit then.
Brad Koehn ☑️
It certainly was predictable. Now send the URL to a server and let it do the decoding, so Meta gets as little data as possible from the result. Continue driving meta's costs up; the more engineering and CPU they need to throw at this problem, the better.

Or just pass privacy-preserving legislation and avoid the whole situation. Go buy your government official's profiles from a data broker and post them online; that should get things moving.
ϞЖ
The solution to many things is to "not use Facebook at all" (nor Twitter nor Instagram nor Tiktok).
progo on climate change now
AES encryption has been basically free, computationally, for 15+ years. What took Facebook so long to do this? Didn't act until enough people were sanitizing their URLs?
Adam Dalliance
They are shameless and block at the DNS level on my machines.
Dave :rust: :nixos: :kde:
Holy crap! That is BAD! Good thing I don't use it!
dynamic
I don't really use Facebook either, but it sounds like maybe you can also avoid this by never clicking on outgoing links from Facebook?

(Evil regardless, but it would be useful to have an idea of whether I'll be taking risks if I occasionally log on to message somebody about a party invitation they sent me or something like that.)
Peter Bjørn ☯️🌞
Looking very much forward to when DSA kicks in so I can throw 'Meta' in the bin.
wordsmith
"The only way to win is to cease playing"
gudenau
There are some other websites that mandate a valid hash, it still lets you see stuff but most of it doesn't mean anything to the outside world anyway.
horsebatteryhealth
Furthermore, I believe that Meta must be destroyed.
Ash Leece 🚲
this is 100% why Mastodon needs to exist.
Hank G ☑️
Yup and the rest of the Fediverse, indeed :)
Klaus Vink Slott
I guess the only possible defense is to let the browser pop up a big fat warning whenever handling a facebook link. On the source side whenever a user copies a link, a popup should explain what you are targeting your friends with. And the receiving side, a browser should present a warning before opening a Meta link (like most mua's does with external links in mail content)
StrayGuitarist
Sweet, my decade-long constant avoiding of anything tied to FB at all has paid off!
OurMasterPax
# died back in 2018 & will forever be a ghost of its former self. The people involved became very #.

Voyeurism was their drug of choice. Once they figured out how to manipulate people by directing their attentions, they began playing games with real #. They manipulated #, used # to have hostile takeovers. They did terrible things to good people.

Guess who got # due to Bribes? The Politicians, the thieves, & you got #.
#COVID19 #facebook #rich #stocks #MINDS #IntellectualProperty #sick
loveisgrief
I bet Google will start doing it too. Fuck all of them. I don't use Facebook at all. If I have to open their links, it's done in TOR browser 🤷‍♂️

It would be just great if more people stopped using their products altogether, but that's like wishing people had enough conviction to do anything about climate change.
It just won't happen
Goldmaster
throw in the fact unlock origin doesn't work and no support system in place for when the trademarking system doesn't work and you sure have a dumpster fire.
loveisgrief
at least nothing of value
AngharadHafod
that's ok. Don't use Facebook.
Hank G ☑️
Good question I'm not sure.
maxi

Content warning: Re: Facebook

Hank G ☑️

Content warning: Re: Facebook

maxi

Content warning: Re: Facebook

rob 🇨🇦
What’s Face’s book?
Harka
Most of the data Facebook and many, many other companies and data brokers get come from mobile apps. Their SDK's are built-in, constantly spying on the user and relaying tons of info. URL tracking is, by comparison, a quite minor thing.