Catch up on stories from the past week (and beyond) at the Slashdot story archive

 


Forgot your password?
Close
typodupeerror
×
Privacy Security

iOS 17 Automatically Removes Tracking Parameters From Links You Click On (9to5mac.com) 54

Posted by msmash from the no-mercy dept.
iOS 17 and macOS Sonoma include even more privacy-preserving features while browsing the web. From a report: Link Tracking Protection is a new feature automatically activated in Mail, Messages, and Safari in Private Browsing mode. It detects user-identifiable tracking parameters in link URLs, and automatically removes them.

Adding tracking parameters to links is one way advertisers and analytics firms try to track user activity across websites. Rather than storing third-party cookies, a tracking identifier is simply added to the end of the page URL. This would circumvent Safari's standard intelligent tracking prevention features that block cross-site cookies and other methods of session storage. Navigating to that URL allows an analytics or advertising service at the destination to read the URL, extract those same unique parameters, and associate it with their backend user profile to serve personalized ads.
This discussion has been archived. No new comments can be posted.

iOS 17 Automatically Removes Tracking Parameters From Links You Click On More

iOS 17 Automatically Removes Tracking Parameters From Links You Click On

Comments Filter:
  • It is only the fact that Apple is a premium device maker of which people are more likely to spend money that trackers are willing to put up with this tampering with urls. Soon you will see sites that refuse to load if tracking "drm" is removed.

    • Re:Leading to an arms race (Score:4, Insightful)

      by registrations_suck ( 1075251 ) on Thursday June 08, 2023 @10:42AM (#63585858)

      That's fine. If websites and want self-identify as a place that someone doesn't want to do business with, I don't see the problem.

      Personally, I don't care if websites track me. I'm not all that interesting. If they can think they can get something insightful from anything I'm doing, have at it.

      • Re:Leading to an arms race (Score:5, Insightful)

        by tysonedwards ( 969693 ) on Thursday June 08, 2023 @10:57AM (#63585882)
        Not only affecting "tracking data". For example, on my server metrics panel it strips out the "deviceAlias" field which is a request to the server to "please request logs for 192.168.1.50, which I have named webServer". I am supportive of blocking the bad guys, but still needs some tuning to avoid collateral damage for not-really-a-tracker requests.
        • That was my first thought, too. I'm kind of glad you found a concrete example of it. Stripping out parts of the query string could cause significant collateral damage on non-spam links. This seems like a feature that wasn't very well thought out.

          • How do you know it hasn't been well thought out, it hasn't even been released yet?

            • Shipping to the public, albeit under a Beta, is not a release?

              • Re: (Score:2)

                by drnb ( 2434720 )

                Shipping to the public, albeit under a Beta, is not a release?

                Technically they have not shipped a public beta, the current beta is supposed to be only for developers. No implementations are final.

            • Re: (Score:2, Insightful)

              by Chelloveck ( 14643 )

              How do you know it hasn't been well thought out, it hasn't even been released yet?

              Would you be happier if I rephrased it by saying, "This feature as currently implemented has not been well thought out."? Obviously it can be changed at some point in the future, but given the testimonial by tysonedwards that it's interfering with server metrics, it's not working in its present form. Moreover, it's failing in exactly the way any experienced web developer who spent ten seconds thinking about it would predict

      • Re: (Score:1)

        by Anonymous Coward

        Just what I've come to expect from the, "I have nothing to hide crowd". Maybe you NEVER have anything to hide (yeah right), there's still another problem. What if information collected on you is used to incorrectly assume something about you? It's not always clear when you're being harmed by mega corps. Maybe they're just charging you more for a product or service. Think insurance as a very clear example, prices vary a lot. The harm could be relatively small at first but adds up over time. If multipl

      • I'm not all that interesting.

        "It won't happen to me!"

    • Soon you will see sites that refuse to load if tracking "drm" is removed.

      Maybe but you can't very well block people you are emailing, as you have no idea what they are reading email with!

      There is no "arms race" possible when one side has enough sheer numbers, and Apple has the numbers in terms of users - especially of iOS devices. It's not realistic to block all Apple users from anything, not if your goal (or at least a need) is to make money.

    • Ads tried to pull this, which led to browsers loading those ads and pretending to render them by putting them on an invisible canvas.

      Tracking can easily be thwarted, especially by a company like Apple, by jumbling about tracking cookies and other types of tracking between various users of the technology, rendering the tracking information useless.

      • You mean like privacy possum?

        But that won't matter anyways if there are no more third party cookies, which is the current direction we're going in. The tracking URLs are the only thing you can act on beyond that, but it wouldn't be hard for websites to defeat this means of circumvention. Basically you replace the tracking parameters with a single highly obfuscated (or even encrypted) encoded parameter.

        This has already been done as well, in fact fuckerbook started doing this recently and for exactly this rea

    • If those sites want to lose a double-digit percentage of their US traffic, then they are more than welcome to break Safari browsing sessions in order to continue trying to track users. Fuck them.

      Don't put a bunch of tracker bullshit in your URLs and you don't have a problem. And, users like me won't actively look to fire you and find someone else to do my business with.

    • Comment removed based on user account deletion

    • If the website doesn't work on an iPhone, people will blame the website. After all, other websites work just fine.

  • Many emails now have a single 100+ character string and the destination forwards you to the relevant page, making most email links useless if they delete that all-in-one hash.

    I guess if trackers are still dumb enough to include a &track_id=you addendumb. But aren't most trackers today sort of like self destructing links in that they simply don't link to anything if you alter any part of the hashed link?

    • Seems like we'll be stuck with everyone moving to opaque URLs that don't tell you where you'll end up on a domain.

    • Email tracking is its own special hell that google basically forces you into if you run a newsletter. If you send messages that don't get interacted with, they stop letting you deliver mail to them. So basically you're expected to filter out users who don't open mail / click links, forcing you to track individuals.

      • Which is ridiculous because I constantly have to resubscribe to things because I want to skim. I don't even use Google for email.

  • This is a nothingburger because tracking still exists in in-app browsers. People aren't using safari, they are using the browsers built in to their favorit apps. They need to ban in-app browsers and force developers to open links in safari for this change to matter at all.

    • Re: (Score:2)

      by Depili ( 749436 )
      Actually so far if you want to do a in-app browser on iOS you are forced into using safari. Even the chrome and firefox apps are just some additional integration on top of the safari engine as you can't use anything else. There are some lawsuits in progress for getting rid of this limitation.

      • Actually so far if you want to do a in-app browser on iOS you are forced into using safari. Even the chrome and firefox apps are just some additional integration on top of the safari engine as you can't use anything else. There are some lawsuits in progress for getting rid of this limitation.

        So, if I run wget on iOS, does that have to go through Safari? What about my own program that just sends bits to port 80/443? Is this enforced in the network stack? If not, can't another browser just send bits directly to port 80/443? If not, then wow, you'd really have to believe in Apple as a beneficent dictator.

      • Actually, I'm not talking about the rendering engine. I'm talking about the browser. You realize tiktok injects javascript into every page you view in its in-app browser? Yes, it does this on ios.

  • This will kill affiliate marketing (Score:3)

    by www.sorehands.com ( 142825 ) on Thursday June 08, 2023 @11:47AM (#63586034) Homepage

    Many affiliate marketing systems use this, not just spam. There was one porn spammer that I deposed that the affiliate link would be http://www.site.name/affiliate... [site.name].

    The site id would be the particular web site of the affiliate program. The program id would be which type payment preference, ie. pay per click, per signup, or revenue share.

    They would then convert this value into a "session id" which is stored in a temporary table.

    By removing this 'tracking' information affiliates (sometimes it's not always spam, thinking maybe maybe Rakuten) will not be paid for referrals.

    • Re: (Score:2)

      by slazzy ( 864185 )
      It's possible for affiliate programs to respond, just encode all the information into one string such as: page.com/4534534534543 Then if Apple browsers or anyone else attempts to modify the string it will return 404 not found.
      • And your revenue goes to zero.

        • Re: (Score:2)

          by v1 ( 525388 )

          If they can't figure out which of their ad campaigns took the user to their page, they won't know who to attribute the "click-through" to ,and so they'll lose out on the revenue anyway.

          Those URL parameters can be used for tracking, affiliate identification, or any number of other metrics like which other page on the same web site the user just came from or what the ID of their shopping cart on the site it. USEFUL things, things that the web page can't operate properly without.

          Imagine clicking "Add to Cart"

  • Where google changes target URL one-click to better track you?

  • But Apple is just going to keep being Apple.

  • Time saver (Score:3)

    by krisbrowne42 ( 549049 ) on Thursday June 08, 2023 @01:04PM (#63586276)
    Anytime I share a link, I trim out the UTM and other junk parameters myself... This is a Good Thing for users, and if ad companies want to escalate with Apple they'll find they're targeting a much better funded opponent. What I really expect is for some coalition of ad folks to try to bring this to Congress as an anti-competitive action and force Apple to roll it back.
  • I feel like advertisers have been abusing web apis, cookies, and any method of fingerprinting a browser possible without reprocussions. It's about time operating systems and web browsers starting fighting back against this abuse. A person attempting to sell cars shouldn't have access to the entire worlds browsing history
  • Don't have tracjing parameters on links at all. Go back to the good old ways. Sorted.
  • Because they tend to be a very long string of gibberish that bloats the url size to over twice as long or more making it an absolute pain to copy and paste. I'm surprised to see this 'in the clear' tracking being done in this day and age. Which makes me wonder if their tracking results can be tainted by replacing some of these gibberish characters with random characters.
  • How do they know what a tracking link is in a URL? This is useless - the two entities I want privacy from are Google and Apple. Little companies I don't worry about.

Slashdot Top Deals

Solutions are obvious if one only has the optical power to observe them over the horizon. -- K.A. Arsdall

Close