[HN Gopher] URL shorteners set ad tracking cookies
___________________________________________________________________
URL shorteners set ad tracking cookies
Author : firloop
Score : 154 points
Date : 2021-01-03 19:05 UTC (3 hours ago)
(HTM) web link (ylukem.com)
(TXT) w3m dump (ylukem.com)
| Eriks wrote:
| Not all URL shorteners do that. I know because I own and maintain
| one that doesn't.
| stretchcat wrote:
| Hopefully yours is only available on a company LAN or other
| private network. Public link shorteners are a linkrot disaster,
| particularly the myriad of shorteners being run by random dudes
| for shits and giggles, since those disappear as soon as they
| get bored. There is nothing more frustrating than having a dead
| shortened link for content that is likely still available if
| only you had the real URL, not the shortened garbage. Link
| shorteners are a form of pollution; you may as well pour used
| motor oil down a gutter.
| qwerty456127 wrote:
| There are cases where URL shorteners are useful. E.g. some
| websites would parse a link you embed within a text you post
| and replace it with the actual video if that's a link to
| YouTube. A shortener may be the only way to post a classic
| hyperlink to a YouTube video there. Shortened URLs may also
| help when you need to put them on paper/merchandise or on TV
| or say them in a voice call. That's sad goo.gl has been
| discontinued - it was what you could rely on. IMHO
| archive.org should make their own.
| Eriks wrote:
| No, it's public and has been run for 11 years already and
| will continue to do so in foreseeable future. I would say it
| is the most popular one in my home country and it has good
| reputation among users. From my experience most linkrot
| issues comes from the fact that sites and documents URL
| shorteners link to go down before URL shorteners themselves.
| Many websites from 11 years ago doesn't exist anymore.
| stretchcat wrote:
| Will you die, will your heirs continue to operate this
| service? Or do consequences beyond your life not concern
| you? (e.g. _" Why should I care about climate change, I'll
| be dead before it gets bad!"_)
|
| To mitigate the harm you've already caused, you should put
| the service into a read-only mode and contact Archive Team
| about handing off the database. You should do this today,
| before you get hit by a bus.
| prophesi wrote:
| What harm have they "already caused"?
|
| Is link rot such a damaging phenomenon that it warrants
| attacking hobbyists and their not-for-profit public
| service?
|
| Will you help financially compensate their time setting
| up these fail-safes?
| stretchcat wrote:
| > _What harm have they "already caused"?_
|
| They have already inserted themselves as a middleman by
| shortening URLs, creating an additional point of failure
| which will inevitably break sooner or later.
|
| > _Will you help financially compensate their time
| setting up these fail-safes?_
|
| How about: _Blow it out your ass._ He made the mess, so
| if he has any integrity he 'll foot the bill for cleaning
| it up.
| Eriks wrote:
| It's users choice to use a shortener to shorten their
| long URLs. Calling shorteners middleman is just wrong.
| stretchcat wrote:
| The person who uploads the link is not the only affected
| party. This affects every unrelated person who might ever
| want to follow those links long after the shortener is
| dead and gone.
| Eriks wrote:
| Any link on the internet - shortened or not - can after
| some time die. Domain registration expire, websites get
| shut down. Domain changes ownership and new site goes up.
| Relax. It's just a lifecycle of Internet resources. Let
| us end this conversation. You obviously see things
| differently.
| prophesi wrote:
| > [Unnecessary crude remark]. He made the mess, so if he
| has any integrity he'll foot the bill for cleaning it up.
|
| He [set up a server with a link shortening service pro
| bono, eating the cost of server maintenance for 11
| years], so if he has any integrity he'll [do more free
| work].
|
| I'd argue it's the user's fault if they decide to trust a
| small hobby site to last until the end of time. How many
| link shortening services have you used which promptly
| died, causing you to find this ridiculous hill to die on?
| Eriks wrote:
| Thank you for being concerned for my life. I've set it up
| in a way that someone will take it over after my sudden
| death, don't worry.
|
| And I care about climate change, even after my death.
| dang wrote:
| Please don't post in the flamewar style to HN or cross
| into personal attack. Those things aren't compatible with
| curious conversation, which is what we're going for here.
| We're also trying to avoid the online callout/shaming
| culture [1].
|
| Even if you're right, beating people with a stick will
| neither improve their behavior nor the quality of
| conversation for anybody else. The end state of this is a
| ghost town inhabited by a few nasty diehards, abandoned
| by users one would actually want to have a conversation
| with. That seems to be the default fate of internet
| forums but the goal of this one has always been to stave
| it off a little longer [2].
|
| [1] https://hn.algolia.com/?query=online%20shaming%20by%3
| Adang&s...
|
| [2] https://hn.algolia.com/?query=stave%20by:dang&dateRan
| ge=all&...
| dejj wrote:
| Do you have some form of information escrow in place? E.g.
| could archive.org store a page of all your short-url
| mappings?
| Eriks wrote:
| Not at the moment but Archive.org is an option I'm
| considering.
| CarelessExpert wrote:
| Eh, for links to content on my website I just cooked up my own
| URL shortener using Apache rewrite maps and a little scripting to
| generate the short codes. Simple, private, and entirely under my
| control (which also means I don't have to worry about the links
| breaking).
| ourcat wrote:
| I did that for a while with a short domain I used to own
| (urlb.at). Then ended up regretting it and shutting it down.
|
| I eventually decided that URL shorteners were a terrible idea
| for the web and that I wanted the 'actual' URLs out there.
| CarelessExpert wrote:
| > Then ended up regretting it and shutting it down.
|
| Care to elaborate?
| loceng wrote:
| I assume because it creates/introduces an arguably
| unnecessary point of potential future failure.
| 6510 wrote:
| I use to run into a sci usenet poster who usually provided 10-30
| shortened links with his postings pointing at books, papers and
| previous postings (google groups). Arguing over a topic he one
| time explained he had a clear analytics picture of what
| references other posters did and didn't read, who [silently]
| participated in the discussions, how much people read before and
| after writing a response, etc.
| baxtr wrote:
| Of course they do? How would erst make money otherwise?
| dejj wrote:
| Consider "commoditizing the complement"
| (https://www.gwern.net/Complement) e.g. a news site making
| their content linkable through social media for ad revenue at
| the actual page.
| zackmorris wrote:
| Wow never heard of that, thanks!
|
| This is one of the thousand reasons that I don't think
| capitalism will be viable beyond 10-20 years from now. The
| endgame will be perfect monopoly - one global player in every
| niche of our daily existence. Slowly force-feeding us a diet
| of whatever is most profitable (whatever service encompasses
| the most dysfunction in exchange for money).
|
| Off the top of my head, a better system might be one that
| seeks to eliminate dysfunction instead of profiting from it.
| Web browsers could provide short links to all websites by
| using a hashing function instead of an encrypted refcount.
| They could remove as many identifying bits as possible (like
| cookies). I like the direction that Apple and others are
| going, preserving less user data and letting less spill
| between unrelated websites.
|
| The question of what all these advertisers will do once
| they're not allowed to track us is a big one. But my guess is
| that targeted advertising is not needed in the first place.
| They did just fine (arguably better) with demographics in the
| centuries before tech revealed our personal browsing
| histories.
| lawnchair_larry wrote:
| > This is one of the thousand reasons that I don't think
| capitalism will be viable beyond 10-20 years from now.
|
| Hmm. You posted this from your phone or computer that was
| created by capitalism, from an OS created by capitalism,
| using a browser created by capitalism, to a message board
| for an organization who literally specializes in
| capitalism. While the original incarnation of the internet
| wasn't created by capitalism, military funding and the
| inherent authoritarianism is probably not the ideal
| direction to return to. Yet you think all of this only has
| 10-20 years left?
|
| Oddly, you express a preference for what Apple are doing
| instead, yet they are the single largest product of
| capitalism or any other economic system that the world has
| ever known, including Saudi Aramco. Capitalism just "cured"
| a pandemic faster than anyone thought possible.
|
| Now, it's not without its issues, but all of the evidence
| seems to suggest that we maybe ought to think twice before
| abandoning it and probably killing hundreds of millions of
| people (again).
| SpocksBrain wrote:
| Ah yes, "you dislike Society yet you contribute to it in
| someway, I am so smart".
|
| The classical Sciences and Arts were all founded and
| developed under "divinely ordained" Monarchies. I suppose
| that would've been a fantastic case for conserving that
| system for you?
|
| Have you thought that maybe all those material
| accomplishments made under capitalism have less to do
| with the system itself and more to do with the fact it's
| the only one around? Pretty sure many of today's tech is
| founded as much on innovation that came out of Soviet
| labs as anybody else's.
|
| Also, incidentally, current day capitalism is at the beck
| and call of one of the last remaining communist
| countries. Just a curiosity.
| q3k wrote:
| > You posted this from your phone or computer that was
| created by capitalism, from an OS created by capitalism,
| using a browser created by capitalism, to a message board
| for an organization who literally specializes in
| capitalism.
|
| ... that all base on centuries of research, science and
| technological development that happened before capitalism
| was even first proposed. Your point being?
| polote wrote:
| Don't want to be mean, but just to inform you, guidelines says
| "Please don't delete and repost. Deletion is for things that
| shouldn't have been submitted in the first place." and I know you
| have posted and then deleted the same post yesterday. It is fine
| to repost if you didn't get notice no worries
| firloop wrote:
| Sorry about that, noted.
| pluc wrote:
| Wasn't the primary use of URL shorteners to compress a given URL
| in order to reduce the character count? Given today's Twitter,
| what are they still used for besides visual convenience?
|
| Do youtu.be, t.co, fb.me and dlvr.it next!
| mschuster91 wrote:
| > Given today's Twitter, what are they still used for besides
| visual convenience?
|
| Data analytics - basically you spread out different shortened
| links on your campaigns / media, so you can track effectiveness
| while at the same time the user does not have to manually type
| in cryptic characters.
| pluc wrote:
| Yeah, what I mean is that I don't think URL shorteners do
| anything for users aside from being slightly better to look
| at
| buzer wrote:
| I mainly use them when I need to send a link that needs to be
| manually typed at some point (e.g. asking person to go some
| website during phone call).
| indymike wrote:
| Well, click tracking and click counting come to mind.
| reaperducer wrote:
| My company uses them in its print assets like billboards,
| posters, and transit ads.
|
| I see them all the time in commercial text messages, like from
| things I've subscribed to, or delivery alerts so I can track
| the pizza guy.
| Hnrobert42 wrote:
| Do they use QR codes in addition to the shortened URLs? I've
| always wondered why QR code's haven't caught on more.
| Especially for things where the objective to access
| information more convenient than fat-fingering.
| earthboundkid wrote:
| No, the primary point was always to add UTM trackers to the
| URL. That's why companies kept using them after Twitter
| introduced t.co.
| jabart wrote:
| Text messages still use short links and carriers sometimes
| block by domain for links sent via A2P over their network.
| axegon_ wrote:
| Not particularly surprising. I was building a url shortner some
| 12-13 years ago but eventually abandoned it. But this was exactly
| how I planned to monetize it.
| TheRealDunkirk wrote:
| This headline might be the biggest "duh!" I've ever read on the
| site. In this day, and in this surveillance market economy, you
| must assume that you WILL be tracked wherever you CAN be
| tracked.
| TimLeland wrote:
| This is really interesting. I suppose tiny url gets a kicked back
| from their ad network for this. I'm the creator of the URL
| shortener (T.LY) and a Link Unshortener tool. I spend most of my
| development time fighting bad actors. My goal is to have a
| legitimate competitor to bitly that people benefit from. We do
| not set any cookies on redirects but do use cookies for
| authentication for users.
|
| T.LY: https://t.ly/
|
| Link Unshortener: https://linkunshorten.com/
| codefined wrote:
| I currently host https://femto.pw/ - A URL shortener I've kept up
| for ~4 years and intend to indefinitely. It doesn't do anything
| with regards to tracking cookies or other dark patterns. It just
| redirects you using a 302 redirect.
| Merman_Mike wrote:
| FYI that your site is blocked by this list:
| https://gitlab.com/The_Quantum_Alpha/the-quantum-ad-list
|
| HN post for that list here:
| https://news.ycombinator.com/item?id=25512273
| codefined wrote:
| Hm, well I've got to work out how to get off that list!
| Thanks for giving me the heads up.
|
| EDIT: I'm not sure quite how to deal with being put on ad
| lists. Sure, people can upload any file to our host so it's
| plausible that someone, at some point, has uploaded an
| advert. Someone could also redirect to an advert domain and
| we'd have no way to really deal with that unless it was
| reported. Ideas are welcome for solutions.
| Hnrobert42 wrote:
| Just some thoughts:
|
| 1. Reach out to the list maintainer to see why your site
| was added.
|
| 2. Create a blocklist comprised of those ad lists. Don't
| redirect to sites on the blocklist.
|
| 3. (Of dubious practical value) Create a Terms of Service
| that says users may not use your to link to advertisements.
| Merman_Mike wrote:
| +1 to the second suggestion as a low-effort way to make
| some headway in staying off blocklists.
|
| A place to start might be this large, very popular list
| that combines a bunch of other lists: https://oisd.nl/
|
| Actual text file is here (large file warning):
| https://hosts.oisd.nl/
|
| Just prevent your service from shortening links to any of
| those domains.
| q3k wrote:
| What happens to it when you die? Do you have a contingency plan
| to export this data somewhere for archival purposes?
| codefined wrote:
| I've worked with the Internet Archive to ensure continuity if
| I get hit by a bus or anything. A list of all items that have
| been uploaded to the site will be provided to them if
| anything happens to me.
| tomaszs wrote:
| I am not surprised. URL shorteners will try to monetize
| eventually. One way is to support ad networks, other is to show
| ads and videos before navigating to the target URL. I am 100%
| sure TOS allow it since the beginning.
|
| As far it seems to be a grim future, it is almost only way they
| can monetize. Otherwise they will close their businesses
| rendering millions of URLs broken, what I think is the future
| that is too easy to predict.
| bobdosherman wrote:
| Could also cross-subsidize by being a sub-affiliate network as
| part of an affiliate network. Company earns percentage of
| affiliate commissions produced by in-network links, which
| subsidize the non-commissionable out-of-network links (and non-
| earning in-network links).
| m00x wrote:
| The title should be "TinyURL sets ad tracking cookies" as this is
| the only one proven to do in this article.
|
| There are tons of URL shorteners, and not all of them do this.
| firloop wrote:
| bit.ly and t.co both do, and they're hugely popular. I just
| left the HTTP responses out of the post for brevity. From the
| post:
|
| >While neither redirect you to an advertising company like
| TinyURL, Twitter's primary business model is advertising, and
| bit.ly's privacy policy says they share data with third parties
| to "...provide advertising products and services..."
|
| Both services set long-lived tracking cookies:
| curl -v 'http://bit.ly/aFzVh0' ... < Location:
| http://nymag.com/daily/entertainment/2010/08/hear_katy_perrys_m
| ilk_milk_lem.html < Set-Cookie:
| _bit=l03lLp-b899a3350a02095760-00P; Domain=bit.ly; Expires=Fri,
| 02 Jul 2021 21:47:25 GMT curl -v
| 'https://t.co/45cMiYOHQ8' ... < location:
| https://luke.cat/ < set-cookie:
| muc=6d0d0800-f738-4704-b292-f03b6e5a5f91; Max-Age=63072000;
| Expires=Tue, 03 Jan 2023 21:49:09 GMT; Domain=t.co; Secure;
| SameSite=None
| calmchaos wrote:
| Use Cookiebro webextension to get rid of such tracking cookies
| automatically. Problem solved.
|
| https://nodetics.com/cookiebro
| appleflaxen wrote:
| His GDPR letter is quite well written, too
|
| https://ylukem.com/files/_viglink-gdpr-email.png
| rsync wrote:
| Although "Oh By"[1] is not strictly a URL shortener it can be
| used as one quite nicely.
|
| When used as a URL shortener, there are no cookies, no tracking,
| and ublock origin shows a nice big zero throughout. This is
| because the revenue model of Oh By is selling custom/vanity codes
| - not monetizing user data or advertising.
|
| "If you're looking for a dead-simple URL shortener that respects
| your privacy and doesn't slow you down with ads or multi-megabyte
| interstitial pages, Oh By might be for you."[2]
|
| [1] https://0x.co
|
| [2] https://0x.co/faq.html
| [deleted]
| bobkrusty wrote:
| . You have to type http:// on the message field To make a
| redirect
| rsync wrote:
| Yes, correct.
|
| The typical use case is a human message, not a URL. If you
| want a redirect you need to explicitly prefix it like that...
| madars wrote:
| Wow! https://preview.tinyurl.com/examplezoom really shows
| https://zoom.us/j/123456789 link whereas Chrome network inspector
| confirms the viglink.com redirect. uBlock origin blocks the
| latter via Dan Pollock's hosts file and Peter Lowe's Ad and
| tracking server list.
| vitus wrote:
| Tinyurl actually has a preview feature, which you can enable by
| default.
|
| https://preview.tinyurl.com/examplezoom
|
| Curiously, this specific tracking behavior (both the redirect and
| the cookie) goes away when turning on previews.
|
| (Incidentally, my uBlock origin filters block the VigLink
| redirect as a tracker, by default, as a sibling commenter points
| out.)
___________________________________________________________________
(page generated 2021-01-03 23:00 UTC)