Recently I’ve become a little more paranoid about this. I also try to remove them when I post anywhere besides private discord server, but I’m wondering how justified my paranoia is and if it’s something I should encourage others to be cautious about.
A website can include any information it has in a link to another website. Usually it’s an ad company tracker or affiliate link so that the referrer (and sometimes recipient) can make money.
They can use this info to build up user profiles, primarily for marketing purposes. There are likely already a few profiles built around your data, some of them attached to your name. They can do this through buying up and linking these kinds of data: IP address, browser fingerprint, url tracking data, logins on different websites, and tracking widgets embedded in sites (like “log in with Facebook”, which allows Facebook to know that you visited that page if you’re logged in on that browser).
Those profiles can be used privately for ad purposes. They can also be given to feds and other people that would do us harm. It’s good to minimize your footprint as much as is practicable, which includes stripping tracking stuff from URLs locally on your side (edit the URL manually) and websites like this one doing their best to strip them from submissions and comments.
it’s one of those things where, maybe practically its unlikely to be used against you, but especially in a context like this site it seems undeniably bad to have our social networks mapped and (for those who are logged in at least) connected back to our real accounts, or at least browser fingerprints, in this way.
The way many of them work is when you click the “Share” button to grab a link to share, it creates a unique identifier tied to your account and tacks it onto the link. Then when others click it, they can get a picture of how the link spread, despite the dissemination of the link happening off site. Maybe one share generated 10,000 clicks and others might only get 1 or 2. Its likely mostly being used for marketing but there’s nothing to say if it becomes useful it couldn’t be pulled by law enforcement too to help map groups.
It’s one more piece of metadata.
If nobody you communicate with cares about being connected to you or vice versa then it’s not a big deal. On mobile there are URL cleaners, several on F Droid, which use share providers to receive the original URL and then share it again to your destination app. Also browser add-ons like https://addons.mozilla.org/en-US/firefox/addon/clearurls/ to strip them from hyperlinks in browsers (but be wary of heavy JS sites, it may not be bulletproof)
Also checkout this app for android
https://f-droid.org/packages/com.trianguloy.urlchecker/
Acts as a default browser so you can edit links and open them in a browser of choice, its great and lightweight
Imagine going to a casino. You’ve implicitly angreed to being tracked by the casino’s many cameras. Then you decide to count cards. Now the pit boss kicks you out and your face and name are recorded in a ledger that follows you through every casino.
Delete it or use clearurl like another poster mentioned. The tokens in URLs can be used to transmit any sort of info about you to whatever server is serving the URL.
The tokens don’t always transmit personal info, sometimes it’s mundane shit like “did this link get clicked from an email vs a partner website?” without any identifying info - but you can never be sure unless the tracking parameters are in plain text, like http://MyAwesomeAppsite.com/about?referral=email (There are more standard ones than this but you get the gist. https://en.m.wikipedia.org/wiki/UTM_parameters)
Most of the time the token is encoded though, in such a way that human won’t understand what’s being transmitted but the server will: http://MyAwesomeAppsite.com/about/a?qj277ebehkde0a72cb2a2c7
https://en.m.wikipedia.org/wiki/Query_string#Tracking
Point is it’s probably never useful for you to click a link like this.
like the suffix in the url? yeah i always try to delete that shit