• cybersandwich@lemmy.world
    link
    fedilink
    English
    arrow-up
    60
    arrow-down
    4
    ·
    11 months ago

    What this has done for me has highlighted how many things are tracker me and how badly those things are designed because they don’t fail gracefully.

    I had a telehealth visit link today that broke using this feature. So that’s nice to know. My virtual doctors appointments are being tracked by a third party.

    • Buffalobuffalo@reddthat.com
      link
      fedilink
      English
      arrow-up
      39
      arrow-down
      2
      ·
      edit-2
      11 months ago

      Edit, looks like Firefox is smarter than me, ignore this.

      I don’t know what the link was doing, but just because FF thought it was “tracking info” does not mean it was nefarious. It could be used for authentication or security. I have not tested it, but I presume this would break a “reset your password” email link.

      • Knusper@feddit.de
        link
        fedilink
        English
        arrow-up
        8
        ·
        11 months ago

        I’m rather certain, the way it works is that it removes parameters that are named like well-known tracking parameters. For example, most webpages use Google Analytics, so you see UTM parameters everywhere.

        A “reset your password” link could theoretically use a parameter that’s named utm_content, then it would presumably get removed by this feature, but I see no sane reason why one would name their password-reset parameter like that.
        In general, such tracking parameters are usually named in a way that it will rarely clash with other parameters a webpage may want to use, so for example they may have a prefix like utm_.

        • Buffalobuffalo@reddthat.com
          link
          fedilink
          English
          arrow-up
          1
          ·
          11 months ago

          Looking at some comments on the linked post, I think you are right, and it would probably be fine for things like a password reset. I could play around with it, but my laptop is in the other room.

    • Coasting0942@reddthat.com
      link
      fedilink
      English
      arrow-up
      21
      ·
      11 months ago

      Umm, your telehealth link was basically a one time password to log you in/authenticate you.

      This feature is for browsing the web where you shouldn’t have to identify yourself to visit a blog about Ravens. If you’re visiting your bank, a service you already use, etc, then the unique url was more for them to confirm it’s you because only you have that unique url.

    • ubermeisters@lemmy.world
      link
      fedilink
      English
      arrow-up
      18
      arrow-down
      3
      ·
      edit-2
      11 months ago

      Yep. I stopped using my local medical center’s app because wouldn’t you know, they sold my info to a fuckload of 4th parties. Spam from the email I setup, 100% for only the account (Firefox relay), evidences the facts directly.

      Pretty fucking gross misconduct in my opinion.

    • deleted@lemmy.world
      link
      fedilink
      English
      arrow-up
      1
      ·
      11 months ago

      This is a good step forward for privacy. However, how it’ll handle data embedded in the URL like MVC?

      Also, if it does work well, it’s a matter of time until developers find a way to get around it and probably enhance and increase data collected in the process.