submitted 7 months ago* (last edited 7 months ago) by RedWizard@hexbear.net to c/chapotraphouse@hexbear.net

27 comments fedilink hide all child comments

This is an example of a share URL provided to you from TikTok when you click the "Share Link" button from the share menu:

https://www.tiktok.com/t/ABCDE1gHIJk2/

When you click that link, it will redirect you to a link like this:

https://www.tiktok.com/@fakename/video/1234567890101112131?_r=1&_t=1aB2CDe3fG

It has some extra bits at the end, so let me show you it's breakdown:

https://www.tiktok.com/@fakename/video/1234567890101112131 is the actual URL to the video you want to share. When you see a ? at the end of the URL, you are entering into the parameter zone.

?_r=1&_t=1aB2CDe3fG is not required to share the video, and it is the bit of data the app needs so it can present the popup you see after clicking the shared URL. When you click a shared URL a box appears before the video that says:

<Username> has shared you a video! 
<Profile Image> 
Do you want to watch & follow, or just watch?

[ Watch & Follow! ]
[ Watch ]

If your display name on TikTok is your whole name, well, everyone clicking the link now knows your name. If your TikTok username is a common username you use on the wider internet, well now you've linked that common username to the name you use here. If you're posting videos on your account that show your face... you get the idea.

So what should I do?

When you click the share button and get the link, open it in your phone or computer's browser first. Then, copy the part of the URL that is BEFORE the ? and share that link. There are also TikTok privacy front ends for TikTok like ProxiTok. One easy way to provide those links instead of a direct link is to use Farside.link. You do so by adding https://farside.link/ to the front of the TikTok URL. Like this: https://farside.link/https://www.tiktok.com/@fakename/video/1234567890101112131. Farside also works for things like Twitter, Reddit, Instagram, among others.

Anyway, hopefully this helps some people. Stay safe comrades.

all 30 comments

sorted by: hot top controversial new old

[-] CyberSyndicalist@hexbear.net 24 points 7 months ago

@dessalines@lemmy.ml

Someone should make an issue for common referrer/tracking urls to be automatically scrubbed on submission. Would retain privacy and also help to disincentivize affiliate link spam.

I don't want to use my github account for opsec reasons

[-] dessalines@lemmy.ml 15 points 7 months ago

We already do some scrubbing on links, so you could add this to the clean_urls function in lemmy. Lmk when you have a PR for that.

[-] BakedCatboy@lemmy.ml 7 points 7 months ago

It would be cool if it was possible to use https://github.com/ClearURLs/Rules/ as a rule source, either as a built in option or configurable with a config option.

[-] dessalines@lemmy.ml 8 points 7 months ago

Totally agree, I'd def appreciate if someone could add that as a git submodule and do a PR. Open an issue if you would.

[-] RedWizard@hexbear.net 6 points 7 months ago* (last edited 7 months ago)

I'll take a look at adding their repo as a sub module to Lemmy.

[-] RedWizard@hexbear.net 2 points 7 months ago

Alright, not sure if I understood the assignment, but I've created a pull request that adds the CleanURL repo as a submodule and created an issue for it: https://github.com/LemmyNet/lemmy/issues/4905

[-] dessalines@lemmy.ml 2 points 7 months ago

Sweet thx, I made a post about this because it needs a lot more work than just pulling in a git submodule. https://lemmy.ml/post/18162485

[-] RedWizard@hexbear.net 2 points 7 months ago

Yeah, I realized that afterwards. I've not dabbled in rust yet, but I'm very rust-curious, so maybe this is my time to learn haha.

[-] dessalines@lemmy.ml 3 points 7 months ago

[-] RedWizard@hexbear.net 2 points 7 months ago

I'm already looking at what codecadamy has to offer 😄.

[-] Awoo@hexbear.net 7 points 7 months ago* (last edited 7 months ago)

Their profile page is still under construction I'm not sure they would know how. But hopefully someone does because it's a solid suggestion. Maybe hexbear could add it then push it up.

[-] quarrk@hexbear.net 13 points 7 months ago

Building it into the platform would be incredible

[-] oregoncom@hexbear.net 3 points 7 months ago

Also are images being scrubbed of metadata?

[-] CyberSyndicalist@hexbear.net 3 points 7 months ago

They are on hexbear, not sure if stock lemmy does.

[-] drinkinglakewater@hexbear.net 18 points 7 months ago* (last edited 7 months ago)

Would also recommend the CleanURLs extension that tries to remove tracking elements from URLs you click. It's not 100% perfect, especially against those shortcut links, but the "Copy Clean URL" button when you right click makes it easy to share stuff without the tracking bullshit

[-] citrussy_capybara@hexbear.net 16 points 7 months ago* (last edited 7 months ago)

appreciate the PSA, seeing more bad links with trackers shared lately

the new reddit-logo share button also does this, and the youtube &si= tracker

another option if an obfuscated link from someone else, use a site like https://urlex.org/ to expand the url without opening the link and activating the tracking, then edit the url to generic

[-] quarrk@hexbear.net 15 points 7 months ago

Anyone who uses TikTok should visit the privacy settings and turn off all the options under “Suggest your account to others”, especially the one for “People who open or send links to you”.

Since turning this off, my shared links don’t display my username anymore. There are still some parameters left, presumably for tracking, so the advice in this post is still applicable even with this setting turned off.

[-] RedWizard@hexbear.net 4 points 7 months ago

This is good advice, I've had those off long enough that I forgot I turned them off.

[-] Assian_Candor@hexbear.net 11 points 7 months ago* (last edited 7 months ago)

Do ? exclusively precede parameters? Like could we extend the site to drop parameters either automatically or optionally (opt in?). Seems like it would be easy w regex

I don't know shit about rust but I could fuck around and see if I could get it to work, it's about time I did something useful around here

Edit: we could easily do it for a subset of domains like tiktok and YouTube etc

[-] underisk@hexbear.net 10 points 7 months ago* (last edited 7 months ago)

? Is the part of the url that marks the start of the parameters section, which is a list of key=value pairs separated by &.

Some URLs require those to properly link to the resource you’re trying to share, they’re not entirely tracking data except on certain parts of sites like Twitter and apparently TikTok. For example YouTube uses the parameter “t” when you link to a specific timestamp in a video.

Edit: also do not use regex to parse a URL. Plenty of library code out there to do that without going down that dark path.

[-] RedWizard@hexbear.net 3 points 7 months ago

But if you have to use regex use something like CleanURL's providers json file. No need to reinvent the wheel and its crowd sourced.

[-] underisk@hexbear.net 4 points 7 months ago

Programming is all about finding the code other people wrote that does 90% of what you need then gluing it together by writing that last 10%. Unless you’re maintaining a library, in which case thank you for your service.

[-] OptimusSubprime@hexbear.net 11 points 7 months ago

This whole thread is full of very useful information. I love it. Thank you! stalin-heart

[-] RedWizard@hexbear.net 5 points 7 months ago

Any time comrade!

[-] erik@hexbear.net 8 points 7 months ago

I avoid this issue by being too old to have a TikTok account.

[-] HexBeara@hexbear.net 7 points 7 months ago

Look at me, making history day at a time, a post about me showing my whole doodooass. Good post though, I'm ignorant about this kind of stuff and I'm sure others may be as well, and going forward there shouldn't be anymore issues (concerning tiktok at least)