Earlier today I came across a Reddit comment with a link to an Instagram post. The link had ?igsh= at the end.
When I clicked on the link, I got this popup. It had a name and profile photo that was different from that of the post being shared.
Join Firstname Lastname on Instagram
See photos, videos, and more from Firstname Lastname.
[ Open Instagram ]
not now
I avoid link trackers. However, I did not realize it was this bad.
To my knowledge, TikTok does the same thing and lists the name of the person that shared the link. Assuming this increases engagement, any website could enable such a feature, even on old links that you shared in the past.
You should manually remove any trackers before sharing, or use an app for it.
For anyone who wants to take this seriously but doesn’t know what to do:
TL;DR: Chop off everything after the question mark.
Usually these trackers are at the end of the URL, after a ?. That’s called the “query string parameters” of the URL, and it’s where developers will attach extra information for the server or page. Often, those are benign and useful: It’s a token that identifies you to the server, or it’s context about what you’re trying to do. Sometimes you can eyeball the query string params and guess what they do, e.g.:
coolvideos.com/videos/5432?fullscreen=true&autoplay=true&time=12021
or
cheapshoes.com/search?query=adidas+tennis&category=womens&filter=discounted
or
https://m.youtube.com/watch?v=dQw4w9WgXcQ
If you chopped off everything after the question mark, the URL should still work, it’d just give you a default version of that page. In both of these examples, there would be no privacy risk to sharing these URLs somewhere.
But query string params are also where alot of marketing/tracking bullshit goes. When you see URLs with UTM params like “utm_medium” and “utm_campaign”, that’s marketing bullshit. They can also contain info about who you are, like what OP is describing: If it’s some kind of referral link for example, then it might look like pyramidscheme.com/special-offer?associate_id=455&source=facebook. It might be esoteric too, like the “igsh” param in OP’s post (which I assume is short for “Instagram share” or something?). That WOULD be a privacy concern.
So yeah… Often you can eyeball it and figure out what (if anything) to remove… And if in doubt, try chopping off the question mark and everything following it, and see if the URL still works.
Firefox has an option called copy link without trackers on their desktop version which covers a lot of this.
It doesn’t cover YouTube link trackers :/
Yeah I was surprised about it. That tracking parameter is one that I notice the most and almost everyone includes it. It made me think that feature is either broken, or in misunderstanding what it supposed to do.
I use an extension that handles A LOT of these unneeded parameters for me on desktop FF, and on Android i use an app that does some processing on URLs, among it cleaning URLs, as my default browser so it gets to URLs before i open any. This saves me some manual handling.
Untracker lets you copy links on Android without tracking parameters, but it’s so annoying in YouTube. I have to click the share button to get the fake YouTube share menu and then swipe past preferred options that I never use to reach the “more” option that reveals the real share menu and then select Untracker to see the link and then it gives me the option to copy (for sharing) or share (which also gives the option to copy). Often going through this process causes YouTube to stop playing.
ClearURLs is the only thing that works for me. Adguard and Firefox have tracking removal features, but they don’t seem to work most of the time.
It does remove
?feature=sharedand?si=...fromyoutu.belinks. Maybe not fromyoutube.comlinks, though I’m not sure how people get those in the first place.
Safari too, part of default tracking prevention, though both browsers miss a lot of tracker types, so extensions are still needed to handle the rest.
