[HN Gopher] URL shorteners set ad tracking cookies ___________________________________________________________________ URL shorteners set ad tracking cookies Author : firloop Score : 154 points Date : 2021-01-03 19:05 UTC (3 hours ago) (HTM) web link (ylukem.com) (TXT) w3m dump (ylukem.com) | Eriks wrote: | Not all URL shorteners do that. I know because I own and maintain | one that doesn't. | stretchcat wrote: | Hopefully yours is only available on a company LAN or other | private network. Public link shorteners are a linkrot disaster, | particularly the myriad of shorteners being run by random dudes | for shits and giggles, since those disappear as soon as they | get bored. There is nothing more frustrating than having a dead | shortened link for content that is likely still available if | only you had the real URL, not the shortened garbage. Link | shorteners are a form of pollution; you may as well pour used | motor oil down a gutter. | qwerty456127 wrote: | There are cases where URL shorteners are useful. E.g. some | websites would parse a link you embed within a text you post | and replace it with the actual video if that's a link to | YouTube. A shortener may be the only way to post a classic | hyperlink to a YouTube video there. Shortened URLs may also | help when you need to put them on paper/merchandise or on TV | or say them in a voice call. That's sad goo.gl has been | discontinued - it was what you could rely on. IMHO | archive.org should make their own. | Eriks wrote: | No, it's public and has been run for 11 years already and | will continue to do so in foreseeable future. I would say it | is the most popular one in my home country and it has good | reputation among users. From my experience most linkrot | issues comes from the fact that sites and documents URL | shorteners link to go down before URL shorteners themselves. | Many websites from 11 years ago doesn't exist anymore. | stretchcat wrote: | Will you die, will your heirs continue to operate this | service? Or do consequences beyond your life not concern | you? (e.g. _" Why should I care about climate change, I'll | be dead before it gets bad!"_) | | To mitigate the harm you've already caused, you should put | the service into a read-only mode and contact Archive Team | about handing off the database. You should do this today, | before you get hit by a bus. | prophesi wrote: | What harm have they "already caused"? | | Is link rot such a damaging phenomenon that it warrants | attacking hobbyists and their not-for-profit public | service? | | Will you help financially compensate their time setting | up these fail-safes? | stretchcat wrote: | > _What harm have they "already caused"?_ | | They have already inserted themselves as a middleman by | shortening URLs, creating an additional point of failure | which will inevitably break sooner or later. | | > _Will you help financially compensate their time | setting up these fail-safes?_ | | How about: _Blow it out your ass._ He made the mess, so | if he has any integrity he 'll foot the bill for cleaning | it up. | Eriks wrote: | It's users choice to use a shortener to shorten their | long URLs. Calling shorteners middleman is just wrong. | stretchcat wrote: | The person who uploads the link is not the only affected | party. This affects every unrelated person who might ever | want to follow those links long after the shortener is | dead and gone. | Eriks wrote: | Any link on the internet - shortened or not - can after | some time die. Domain registration expire, websites get | shut down. Domain changes ownership and new site goes up. | Relax. It's just a lifecycle of Internet resources. Let | us end this conversation. You obviously see things | differently. | prophesi wrote: | > [Unnecessary crude remark]. He made the mess, so if he | has any integrity he'll foot the bill for cleaning it up. | | He [set up a server with a link shortening service pro | bono, eating the cost of server maintenance for 11 | years], so if he has any integrity he'll [do more free | work]. | | I'd argue it's the user's fault if they decide to trust a | small hobby site to last until the end of time. How many | link shortening services have you used which promptly | died, causing you to find this ridiculous hill to die on? | Eriks wrote: | Thank you for being concerned for my life. I've set it up | in a way that someone will take it over after my sudden | death, don't worry. | | And I care about climate change, even after my death. | dang wrote: | Please don't post in the flamewar style to HN or cross | into personal attack. Those things aren't compatible with | curious conversation, which is what we're going for here. | We're also trying to avoid the online callout/shaming | culture [1]. | | Even if you're right, beating people with a stick will | neither improve their behavior nor the quality of | conversation for anybody else. The end state of this is a | ghost town inhabited by a few nasty diehards, abandoned | by users one would actually want to have a conversation | with. That seems to be the default fate of internet | forums but the goal of this one has always been to stave | it off a little longer [2]. | | [1] https://hn.algolia.com/?query=online%20shaming%20by%3 | Adang&s... | | [2] https://hn.algolia.com/?query=stave%20by:dang&dateRan | ge=all&... | dejj wrote: | Do you have some form of information escrow in place? E.g. | could archive.org store a page of all your short-url | mappings? | Eriks wrote: | Not at the moment but Archive.org is an option I'm | considering. | CarelessExpert wrote: | Eh, for links to content on my website I just cooked up my own | URL shortener using Apache rewrite maps and a little scripting to | generate the short codes. Simple, private, and entirely under my | control (which also means I don't have to worry about the links | breaking). | ourcat wrote: | I did that for a while with a short domain I used to own | (urlb.at). Then ended up regretting it and shutting it down. | | I eventually decided that URL shorteners were a terrible idea | for the web and that I wanted the 'actual' URLs out there. | CarelessExpert wrote: | > Then ended up regretting it and shutting it down. | | Care to elaborate? | loceng wrote: | I assume because it creates/introduces an arguably | unnecessary point of potential future failure. | 6510 wrote: | I use to run into a sci usenet poster who usually provided 10-30 | shortened links with his postings pointing at books, papers and | previous postings (google groups). Arguing over a topic he one | time explained he had a clear analytics picture of what | references other posters did and didn't read, who [silently] | participated in the discussions, how much people read before and | after writing a response, etc. | baxtr wrote: | Of course they do? How would erst make money otherwise? | dejj wrote: | Consider "commoditizing the complement" | (https://www.gwern.net/Complement) e.g. a news site making | their content linkable through social media for ad revenue at | the actual page. | zackmorris wrote: | Wow never heard of that, thanks! | | This is one of the thousand reasons that I don't think | capitalism will be viable beyond 10-20 years from now. The | endgame will be perfect monopoly - one global player in every | niche of our daily existence. Slowly force-feeding us a diet | of whatever is most profitable (whatever service encompasses | the most dysfunction in exchange for money). | | Off the top of my head, a better system might be one that | seeks to eliminate dysfunction instead of profiting from it. | Web browsers could provide short links to all websites by | using a hashing function instead of an encrypted refcount. | They could remove as many identifying bits as possible (like | cookies). I like the direction that Apple and others are | going, preserving less user data and letting less spill | between unrelated websites. | | The question of what all these advertisers will do once | they're not allowed to track us is a big one. But my guess is | that targeted advertising is not needed in the first place. | They did just fine (arguably better) with demographics in the | centuries before tech revealed our personal browsing | histories. | lawnchair_larry wrote: | > This is one of the thousand reasons that I don't think | capitalism will be viable beyond 10-20 years from now. | | Hmm. You posted this from your phone or computer that was | created by capitalism, from an OS created by capitalism, | using a browser created by capitalism, to a message board | for an organization who literally specializes in | capitalism. While the original incarnation of the internet | wasn't created by capitalism, military funding and the | inherent authoritarianism is probably not the ideal | direction to return to. Yet you think all of this only has | 10-20 years left? | | Oddly, you express a preference for what Apple are doing | instead, yet they are the single largest product of | capitalism or any other economic system that the world has | ever known, including Saudi Aramco. Capitalism just "cured" | a pandemic faster than anyone thought possible. | | Now, it's not without its issues, but all of the evidence | seems to suggest that we maybe ought to think twice before | abandoning it and probably killing hundreds of millions of | people (again). | SpocksBrain wrote: | Ah yes, "you dislike Society yet you contribute to it in | someway, I am so smart". | | The classical Sciences and Arts were all founded and | developed under "divinely ordained" Monarchies. I suppose | that would've been a fantastic case for conserving that | system for you? | | Have you thought that maybe all those material | accomplishments made under capitalism have less to do | with the system itself and more to do with the fact it's | the only one around? Pretty sure many of today's tech is | founded as much on innovation that came out of Soviet | labs as anybody else's. | | Also, incidentally, current day capitalism is at the beck | and call of one of the last remaining communist | countries. Just a curiosity. | q3k wrote: | > You posted this from your phone or computer that was | created by capitalism, from an OS created by capitalism, | using a browser created by capitalism, to a message board | for an organization who literally specializes in | capitalism. | | ... that all base on centuries of research, science and | technological development that happened before capitalism | was even first proposed. Your point being? | polote wrote: | Don't want to be mean, but just to inform you, guidelines says | "Please don't delete and repost. Deletion is for things that | shouldn't have been submitted in the first place." and I know you | have posted and then deleted the same post yesterday. It is fine | to repost if you didn't get notice no worries | firloop wrote: | Sorry about that, noted. | pluc wrote: | Wasn't the primary use of URL shorteners to compress a given URL | in order to reduce the character count? Given today's Twitter, | what are they still used for besides visual convenience? | | Do youtu.be, t.co, fb.me and dlvr.it next! | mschuster91 wrote: | > Given today's Twitter, what are they still used for besides | visual convenience? | | Data analytics - basically you spread out different shortened | links on your campaigns / media, so you can track effectiveness | while at the same time the user does not have to manually type | in cryptic characters. | pluc wrote: | Yeah, what I mean is that I don't think URL shorteners do | anything for users aside from being slightly better to look | at | buzer wrote: | I mainly use them when I need to send a link that needs to be | manually typed at some point (e.g. asking person to go some | website during phone call). | indymike wrote: | Well, click tracking and click counting come to mind. | reaperducer wrote: | My company uses them in its print assets like billboards, | posters, and transit ads. | | I see them all the time in commercial text messages, like from | things I've subscribed to, or delivery alerts so I can track | the pizza guy. | Hnrobert42 wrote: | Do they use QR codes in addition to the shortened URLs? I've | always wondered why QR code's haven't caught on more. | Especially for things where the objective to access | information more convenient than fat-fingering. | earthboundkid wrote: | No, the primary point was always to add UTM trackers to the | URL. That's why companies kept using them after Twitter | introduced t.co. | jabart wrote: | Text messages still use short links and carriers sometimes | block by domain for links sent via A2P over their network. | axegon_ wrote: | Not particularly surprising. I was building a url shortner some | 12-13 years ago but eventually abandoned it. But this was exactly | how I planned to monetize it. | TheRealDunkirk wrote: | This headline might be the biggest "duh!" I've ever read on the | site. In this day, and in this surveillance market economy, you | must assume that you WILL be tracked wherever you CAN be | tracked. | TimLeland wrote: | This is really interesting. I suppose tiny url gets a kicked back | from their ad network for this. I'm the creator of the URL | shortener (T.LY) and a Link Unshortener tool. I spend most of my | development time fighting bad actors. My goal is to have a | legitimate competitor to bitly that people benefit from. We do | not set any cookies on redirects but do use cookies for | authentication for users. | | T.LY: https://t.ly/ | | Link Unshortener: https://linkunshorten.com/ | codefined wrote: | I currently host https://femto.pw/ - A URL shortener I've kept up | for ~4 years and intend to indefinitely. It doesn't do anything | with regards to tracking cookies or other dark patterns. It just | redirects you using a 302 redirect. | Merman_Mike wrote: | FYI that your site is blocked by this list: | https://gitlab.com/The_Quantum_Alpha/the-quantum-ad-list | | HN post for that list here: | https://news.ycombinator.com/item?id=25512273 | codefined wrote: | Hm, well I've got to work out how to get off that list! | Thanks for giving me the heads up. | | EDIT: I'm not sure quite how to deal with being put on ad | lists. Sure, people can upload any file to our host so it's | plausible that someone, at some point, has uploaded an | advert. Someone could also redirect to an advert domain and | we'd have no way to really deal with that unless it was | reported. Ideas are welcome for solutions. | Hnrobert42 wrote: | Just some thoughts: | | 1. Reach out to the list maintainer to see why your site | was added. | | 2. Create a blocklist comprised of those ad lists. Don't | redirect to sites on the blocklist. | | 3. (Of dubious practical value) Create a Terms of Service | that says users may not use your to link to advertisements. | Merman_Mike wrote: | +1 to the second suggestion as a low-effort way to make | some headway in staying off blocklists. | | A place to start might be this large, very popular list | that combines a bunch of other lists: https://oisd.nl/ | | Actual text file is here (large file warning): | https://hosts.oisd.nl/ | | Just prevent your service from shortening links to any of | those domains. | q3k wrote: | What happens to it when you die? Do you have a contingency plan | to export this data somewhere for archival purposes? | codefined wrote: | I've worked with the Internet Archive to ensure continuity if | I get hit by a bus or anything. A list of all items that have | been uploaded to the site will be provided to them if | anything happens to me. | tomaszs wrote: | I am not surprised. URL shorteners will try to monetize | eventually. One way is to support ad networks, other is to show | ads and videos before navigating to the target URL. I am 100% | sure TOS allow it since the beginning. | | As far it seems to be a grim future, it is almost only way they | can monetize. Otherwise they will close their businesses | rendering millions of URLs broken, what I think is the future | that is too easy to predict. | bobdosherman wrote: | Could also cross-subsidize by being a sub-affiliate network as | part of an affiliate network. Company earns percentage of | affiliate commissions produced by in-network links, which | subsidize the non-commissionable out-of-network links (and non- | earning in-network links). | m00x wrote: | The title should be "TinyURL sets ad tracking cookies" as this is | the only one proven to do in this article. | | There are tons of URL shorteners, and not all of them do this. | firloop wrote: | bit.ly and t.co both do, and they're hugely popular. I just | left the HTTP responses out of the post for brevity. From the | post: | | >While neither redirect you to an advertising company like | TinyURL, Twitter's primary business model is advertising, and | bit.ly's privacy policy says they share data with third parties | to "...provide advertising products and services..." | | Both services set long-lived tracking cookies: | curl -v 'http://bit.ly/aFzVh0' ... < Location: | http://nymag.com/daily/entertainment/2010/08/hear_katy_perrys_m | ilk_milk_lem.html < Set-Cookie: | _bit=l03lLp-b899a3350a02095760-00P; Domain=bit.ly; Expires=Fri, | 02 Jul 2021 21:47:25 GMT curl -v | 'https://t.co/45cMiYOHQ8' ... < location: | https://luke.cat/ < set-cookie: | muc=6d0d0800-f738-4704-b292-f03b6e5a5f91; Max-Age=63072000; | Expires=Tue, 03 Jan 2023 21:49:09 GMT; Domain=t.co; Secure; | SameSite=None | calmchaos wrote: | Use Cookiebro webextension to get rid of such tracking cookies | automatically. Problem solved. | | https://nodetics.com/cookiebro | appleflaxen wrote: | His GDPR letter is quite well written, too | | https://ylukem.com/files/_viglink-gdpr-email.png | rsync wrote: | Although "Oh By"[1] is not strictly a URL shortener it can be | used as one quite nicely. | | When used as a URL shortener, there are no cookies, no tracking, | and ublock origin shows a nice big zero throughout. This is | because the revenue model of Oh By is selling custom/vanity codes | - not monetizing user data or advertising. | | "If you're looking for a dead-simple URL shortener that respects | your privacy and doesn't slow you down with ads or multi-megabyte | interstitial pages, Oh By might be for you."[2] | | [1] https://0x.co | | [2] https://0x.co/faq.html | [deleted] | bobkrusty wrote: | . You have to type http:// on the message field To make a | redirect | rsync wrote: | Yes, correct. | | The typical use case is a human message, not a URL. If you | want a redirect you need to explicitly prefix it like that... | madars wrote: | Wow! https://preview.tinyurl.com/examplezoom really shows | https://zoom.us/j/123456789 link whereas Chrome network inspector | confirms the viglink.com redirect. uBlock origin blocks the | latter via Dan Pollock's hosts file and Peter Lowe's Ad and | tracking server list. | vitus wrote: | Tinyurl actually has a preview feature, which you can enable by | default. | | https://preview.tinyurl.com/examplezoom | | Curiously, this specific tracking behavior (both the redirect and | the cookie) goes away when turning on previews. | | (Incidentally, my uBlock origin filters block the VigLink | redirect as a tracker, by default, as a sibling commenter points | out.) ___________________________________________________________________ (page generated 2021-01-03 23:00 UTC)