URL shorteners set ad tracking cookies

497 点作者 firloop超过 4 年前

43 条评论

TimLeland超过 4 年前

This is really interesting. I suppose tiny url gets a kicked back from their ad network for this. I'm the creator of the URL shortener (T.LY) and a Link Unshortener tool. I spend most of my development time fighting bad actors. My goal is to have a legitimate competitor to bitly that people benefit from. We do not set any cookies on redirects but do use cookies for authentication for users.T.LY: <a href="https://t.ly/" rel="nofollow">https://t.ly/</a>Link Unshortener: <a href="https://linkunshorten.com/" rel="nofollow">https://linkunshorten.com/</a>

评论 #25626365 未加载

评论 #25629078 未加载

评论 #25626527 未加载

评论 #25761220 未加载

评论 #25628983 未加载

madars超过 4 年前

Wow! <a href="https://preview.tinyurl.com/examplezoom" rel="nofollow">https://preview.tinyurl.com/examplezoom</a> really shows <a href="https://zoom.us/j/123456789" rel="nofollow">https://zoom.us/j/123456789</a> link whereas Chrome network inspector confirms the viglink.com redirect. uBlock origin blocks the latter via Dan Pollock’s hosts file and Peter Lowe’s Ad and tracking server list.

评论 #25626285 未加载

评论 #25626371 未加载

codefined超过 4 年前

I currently host <a href="https://femto.pw/" rel="nofollow">https://femto.pw/</a> - A URL shortener I've kept up for ~4 years and intend to indefinitely. It doesn't do anything with regards to tracking cookies or other dark patterns. It just redirects you using a 302 redirect.

评论 #25624956 未加载

评论 #25625524 未加载

评论 #25643390 未加载

vitus超过 4 年前

Tinyurl actually has a preview feature, which you can enable by default.<a href="https://preview.tinyurl.com/examplezoom" rel="nofollow">https://preview.tinyurl.com/examplezoom</a>Curiously, this specific tracking behavior (both the redirect and the cookie) goes away when turning on previews.(Incidentally, my uBlock origin filters block the VigLink redirect as a tracker, by default, as a sibling commenter points out.)

rsync超过 4 年前

Although "Oh By"[1] is not strictly a URL shortener it can be used as one quite nicely.When used as a URL shortener, there are no cookies, no tracking, and ublock origin shows a nice big zero throughout. This is because the revenue model of Oh By is selling custom/vanity codes - not monetizing user data or advertising."If you're looking for a dead-simple URL shortener that respects your privacy and doesn't slow you down with ads or multi-megabyte interstitial pages, Oh By might be for you."[2][1] <a href="https://0x.co" rel="nofollow">https://0x.co</a>[2] <a href="https://0x.co/faq.html" rel="nofollow">https://0x.co/faq.html</a>

评论 #25624647 未加载

评论 #25624611 未加载

npunt超过 4 年前

Everything that sits between you and your destination is a middleman tracking you, unless proven otherwise.

评论 #25627918 未加载

musicale超过 4 年前

Isn't tracking the entire business model of URL shorteners?

pluc超过 4 年前

Wasn't the primary use of URL shorteners to compress a given URL in order to reduce the character count? Given today's Twitter, what are they still used for besides visual convenience?Do youtu.be, t.co, fb.me and dlvr.it next!

评论 #25625432 未加载

评论 #25625146 未加载

评论 #25625348 未加载

评论 #25625142 未加载

评论 #25625905 未加载

评论 #25625342 未加载

methyl超过 4 年前

We use Cloudflare Workers as a very simple URL shortener [1]. It has very generous free tier (100k requests per day) so it's more than enough for a lot of use cases.[1] <a href="https://lucjan.medium.com/free-url-shortener-with-cloudflare-workers-125eaf87b1ec" rel="nofollow">https://lucjan.medium.com/free-url-shortener-with-cloudflare...</a>

评论 #25627914 未加载

ornornor超过 4 年前

<a href="https://is.gd" rel="nofollow">https://is.gd</a> is the best url shortened I know of. Straight to the point, fast, light, no snooping or tracking.

评论 #25629542 未加载

axegon_超过 4 年前

Not particularly surprising. I was building a url shortner some 12-13 years ago but eventually abandoned it. But this was exactly how I planned to monetize it.

评论 #25626005 未加载

l1am0超过 4 年前

For exactly this problem I did build <a href="https://unshort.link" rel="nofollow">https://unshort.link</a>It is a service that unshortens the url and removes (if possible) the tracking parameters.It is GPL3, allows Easy Self Hosting and has an automatic browser plug-in

forrestthewoods超过 4 年前

I really wish web browsers would strip tracking code bullshit from URLs. When I copy/paste a link for friends I always manually edit that crap.On the other hand I do love websites like WireCutter which only exists because of referral codes.

评论 #25628581 未加载

评论 #25627335 未加载

hooande超过 4 年前

If I recall correctly, Viglink does affiliate marketing. Essentially they are setting an affiliate cookie to make money from anything you purchase on Amazon, Walmart.com, Ebay, etc. This cookie will override any other that was already set. So if you clicked a link to a book from a blog post and then clicked on a tinyurl, they would get the affiliate referral money and not the blog.It's an easy way to make money because it doesn't involve a long sales process with major advertisers. Viglink does all that. tinyurl, bitly, et al are probably making a fair amount given their reach

评论 #25629466 未加载

start123超过 4 年前

TinyURL and a several free alternatives have been known to do it for a while now. But, not everybody does this to be clear.Running a free URL shortener costs time and money which is why they do it. For my URL shortening service <a href="https://blanq.io" rel="nofollow">https://blanq.io</a>, I am planning to remove this feature and only support custom domains. Free shortening is highly abused by spam and its a daily battle to be one step ahead of them.Last week, a single bad user created a phishing link and brought down the entire site for an hour until I was able to restore it.Lesson learned.

tomaszs超过 4 年前

I am not surprised. URL shorteners will try to monetize eventually. One way is to support ad networks, other is to show ads and videos before navigating to the target URL. I am 100% sure TOS allow it since the beginning.As far it seems to be a grim future, it is almost only way they can monetize. Otherwise they will close their businesses rendering millions of URLs broken, what I think is the future that is too easy to predict.

评论 #25628013 未加载

评论 #25626049 未加载

m2f2超过 4 年前

Delete your cookies regularly... here's how with Python and Firefox. Maximum privacy, no need for extensions.<pre><code> import sqlite3 import pprint def cnt(): rows=csr.execute("select count(*) as nr from moz_cookies").fetchall() return rows[0][0] db=sqlite3.connect(r'C:\Users\XXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\YYYYYYYYYYYYYYYYYY\cookies.sqlite') csr=db.cursor() ckbefore=cnt() rows=csr.execute("select host,count(*) as nr from moz_cookies group by 1").fetchall() for r in rows: print("- %3d %s" % (int(r[1]),r[0]) ) csr.execute("delete from moz_cookies where host not in (" " 'your', 'own', 'list', 'of', " " 'sites', 'you', 'trust')") db.commit() ckafter=cnt() print("%d > %d cookies" % (ckbefore,ckafter) ); csr.close() db.close()</code></pre>

polote超过 4 年前

Don't want to be mean, but just to inform you, guidelines says "Please don't delete and repost. Deletion is for things that shouldn't have been submitted in the first place." and I know you have posted and then deleted the same post yesterday. It is fine to repost if you didn't get notice no worries

评论 #25625777 未加载

reilly3000超过 4 年前

I honestly thought that was common knowledge. Like why else would you use a URL shortener, since Twitter started doing it on their own?I can do more to help web users understand trackers... perhaps I will work on that this year.I’ve worked in and around the space for too long to see outside of my bubble.

Eriks超过 4 年前

Not all URL shorteners do that. I know because I own and maintain one that doesn't.

评论 #25624354 未加载

calmchaos超过 4 年前

Use Cookiebro webextension to get rid of such tracking cookies automatically. Problem solved.<a href="https://nodetics.com/cookiebro" rel="nofollow">https://nodetics.com/cookiebro</a>

jrochkind1超过 4 年前

They could of course be sharing the click "back channel" with the ad network without any visible redirect at all, and still capturing just as much data. I guess it couldn't actually set a cookie with the viglink.com domain though.Is that important enough to risk being "found out", or do they just not care that much about being found out, so went with the somewhat technically easier to implement but visible to end-user option?

6510超过 4 年前

I use to run into a sci usenet poster who usually provided 10-30 shortened links with his postings pointing at books, papers and previous postings (google groups). Arguing over a topic he one time explained he had a clear analytics picture of what references other posters did and didn't read, who [silently] participated in the discussions, how much people read before and after writing a response, etc.

评论 #25632631 未加载

rxm超过 4 年前

Some URL shorteners provide a copy of their mappings to the Internet Archive as a promise that if they stop functioning for any reason the archive will continue to provide the mapping (and make the mapping file available).[0]: <a href="https://archive.org/details/301works-faq" rel="nofollow">https://archive.org/details/301works-faq</a>

lilyball超过 4 年前

Isn't this kind of redirection to set a cookie something explicitly blocked by Safari's Block Cross-Site Tracking feature? And I believe Firefox introduced a similar feature as well (not sure about Chrome). I feel like this kind of redirect thing was explicitly called out in the blog post announcing the very first version of this feature.

nnx超过 4 年前

Does this kind of cookie work anymore at all with browsers who use restrictive rules for third party cookies? (like Safari)

CarelessExpert超过 4 年前

Eh, for links to content on my website I just cooked up my own URL shortener using Apache rewrite maps and a little scripting to generate the short codes. Simple, private, and entirely under my control (which also means I don't have to worry about the links breaking).

评论 #25624790 未加载

rkagerer超过 4 年前

I'm an avid tinyurl user. Anyone from that site want to explain their justification for this before I stop using your service?What's a good alternative (with the ability to tailor the shortened url)? I wouldn't mind paying a couple bucks a year.

评论 #25630362 未加载

cccspr超过 4 年前

I noticed that share buttons like sharethis and addthis do it also. I bet if you look deep into their privacy policy (which no one does) it'll vaguely mention their data acquisition and "monetization" usage.

评论 #25628656 未加载

dillondoyle超过 4 年前

Maybe cookie stuffing for incentive payments? e.g. why those coupon sites make a ton of money even though they have zero to do with purchase intent (someone searching for a coupon is already in their cart about to buy).

eznzt超过 4 年前

This post is a clear example of why the cookie law is an overreach. If you don't want websites setting cookies on your browser, why don't you configure your browser not to save cookies?

appleflaxen超过 4 年前

His GDPR letter is quite well written, too<a href="https://ylukem.com/files/_viglink-gdpr-email.png" rel="nofollow">https://ylukem.com/files/_viglink-gdpr-email.png</a>

评论 #25627199 未加载

arsonaut超过 4 年前

cookie dropping is more common than people realize.I've created a free service with no ads and completely free that also generates qrcodes (<a href="https://qrli.to" rel="nofollow">https://qrli.to</a>)The problem with url shortners is usually the abuse they get (from affiliate tracking above to MLM or CPL for dating sites). However the entry barrier is so low and they are still a relevant part of the infrastructure, not surprised bitly and tinyurl are monetizing this way.

bluedino超过 4 年前

Another reason I use a publicly curated HOSTS file (search GitHub hosts file for examples), even if it is a little annoying that those links break.

floatingatoll超过 4 年前

Are these cookies being caught and blocked/discarded/etc by Safari Intelligent Tracking Protection on macOS Big Sur and iOS 14?

LdSGSgvupDV超过 4 年前

Is it possible to get rid of tracking by disabling the third-party cookies in browser?

tsjq超过 4 年前

Pls pardon my ignorance.Is this not addressed by blocking all 3rd party cookies at the Browser ?

everdrive超过 4 年前

Why do url shorteners even exist? They literally add no benefit whatsoever.

评论 #25628567 未加载

评论 #25628668 未加载

评论 #25632148 未加载

评论 #25627366 未加载

okprod超过 4 年前

Is yourls.org an alternative? Requires some work though

m00x超过 4 年前

The title should be "TinyURL sets ad tracking cookies" as this is the only one proven to do in this article.There are tons of URL shorteners, and not all of them do this.

评论 #25625572 未加载

wolco2超过 4 年前

Not my personal url shortener.

baxtr超过 4 年前

Of course they do? How would erst make money otherwise?

评论 #25624786 未加载

ForHackernews超过 4 年前

How is this news in 2021?I remember going to talks by tech people at link-shortener companies (bit.ly, IIRC) in like 2012 where they were talking about all the fancy analytics and tracking they offered and why it was so great that you should route all your links through them to get more "insight" into visitors.