Skip to main content


This was predictable. Facebook/Meta is now encrypting the QP data so that Firefox and other privacy conscious browsers that strip the tracking data can't. Only way to avoid it is to not use Facebook at all. # # https://www.ghacks.net/2022/07/17/facebook-has-started-to-encrypt-links-to-counter-privacy-improving-url-stripping/
Typical cat-and-mouse game. I predict this will go even further: we’ll see libraries for major web servers pop up that would handle query param encryption/decryption on the fly which will make this practice ubiquitous, rendering any existing URL-based tracking prevention irrelevant.
Yeah not sure where the war will go. I'll just avoid Facebook as much as I can, continue using the Facebook Container plugins in Firefox, etc.
No mice, cat dies.
As I understood it the blob is encrypted by the server. If done properly there is nothing the client can do. It would be like decrypting a pgp encrypted document.

However, it is plausible for a script to get the URL from the link text (if they display that), but unfortunately you likely won't see the entire url that way unless it is short.
Yes, it’s done server-side. The library would handle the encryption/decryption so that the web server can continue accessing the query params as if they were in plain text. If done well, it could be a plug-and-play middleware type of deal.
And those JS libraries will be blocked in the next step of the cat-and-mouse game!
Those libraries are most likely going to be on the server side so this might be the last round of the game, sadly.
On fediverse we are not hurt whatever they do...
Yeah to end users it looks no different than the other jumble of characters at the end of links. I can't even manually clean up Facebook links. Craziness.
Only way to avoid it is to not use Facebook at all.

I'll continue that habit then.
It certainly was predictable. Now send the URL to a server and let it do the decoding, so Meta gets as little data as possible from the result. Continue driving meta's costs up; the more engineering and CPU they need to throw at this problem, the better.

Or just pass privacy-preserving legislation and avoid the whole situation. Go buy your government official's profiles from a data broker and post them online; that should get things moving.
The solution to many things is to "not use Facebook at all" (nor Twitter nor Instagram nor Tiktok).
AES encryption has been basically free, computationally, for 15+ years. What took Facebook so long to do this? Didn't act until enough people were sanitizing their URLs?
They are shameless and block at the DNS level on my machines.
Holy crap! That is BAD! Good thing I don't use it!
I don't really use Facebook either, but it sounds like maybe you can also avoid this by never clicking on outgoing links from Facebook?

(Evil regardless, but it would be useful to have an idea of whether I'll be taking risks if I occasionally log on to message somebody about a party invitation they sent me or something like that.)
Looking very much forward to when DSA kicks in so I can throw 'Meta' in the bin.
"The only way to win is to cease playing"
Furthermore, I believe that Meta must be destroyed.
this is 100% why Mastodon needs to exist.
Yup and the rest of the Fediverse, indeed :)
I guess the only possible defense is to let the browser pop up a big fat warning whenever handling a facebook link. On the source side whenever a user copies a link, a popup should explain what you are targeting your friends with. And the receiving side, a browser should present a warning before opening a Meta link (like most mua's does with external links in mail content)
Sweet, my decade-long constant avoiding of anything tied to FB at all has paid off!
I bet Google will start doing it too. Fuck all of them. I don't use Facebook at all. If I have to open their links, it's done in TOR browser 🤷‍♂️

It would be just great if more people stopped using their products altogether, but that's like wishing people had enough conviction to do anything about climate change.
It just won't happen
throw in the fact unlock origin doesn't work and no support system in place for when the trademarking system doesn't work and you sure have a dumpster fire.
at least nothing of value
that's ok. Don't use Facebook.
Good question I'm not sure.

Content warning: Re: Facebook

Content warning: Re: Facebook

Content warning: Re: Facebook

Most of the data Facebook and many, many other companies and data brokers get come from mobile apps. Their SDK's are built-in, constantly spying on the user and relaying tons of info. URL tracking is, by comparison, a quite minor thing.